South Korean Police Investigating North Korean Hacker Group Andariel
The South Korean police are investigating whether the North Korean hacker group Andariel gained unauthorized access to sensitive military technology, including confidential defense data and details of South Korea's new laser weapon system. The investigation is being conducted together with the U.S. FBI to determine the extent of the data the group obtained. [Source: U.S. Department of Treasury]
According to South Korean media reports, the stolen data contains crucial defense secrets. The hackers targeted South Korean defense companies, research institutes, and pharmaceutical companies. In total, 250 files amounting to 1.2 terabytes of data were stolen during the attacks.
Upon discovering the attacks, the police promptly notified the affected companies. Some of the targeted firms were not aware they had been compromised until informed by law enforcement. In other cases, the authorities were alerted only when the compromised companies reported the incidents themselves, and in some instances the scope of the damage remains undisclosed.
The group operated through a proxy server from the center of Pyongyang. Between December 2022 and March 2023, 83 connections to this server were recorded. It was primarily used to break into the networks and websites of various companies and institutions. Notably, the server was rented from a South Korean hosting provider that accepts anonymous customers.
In addition to stealing data, the group extorted ransom payments totaling 470 million won (approximately $357,866) in Bitcoin from three South Korean and foreign companies. The police traced the ransom payments to the Binance and Bithumb exchanges. Approximately $76,000 was then transferred to an account at a Chinese bank and withdrawn in cash near the North Korean border.
The police are also investigating a foreign woman for her possible involvement in distributing the malware used in the attacks. Some of the extorted bitcoins passed through her bank account and were subsequently withdrawn at a Chinese bank. The woman denies any wrongdoing or participation in criminal activity.
In 2019, the