South Korea: Seoul police have charged Andariel, a North Korea-based hacker group for stealing critical defense secrets from South Korea's defense companies.
Allegedly, the laundering ransomware is redirected to North Korea.
One of the 1.2 terabytes of data the hackers took was information on sophisticated anti-aircraft weaponry.
According to the Seoul Metropolitan Police Agency, the hacker group utilized servers that they had rented from a domestic server rental company to hack into dozens of South Korean organizations, including defense companies.
The ransomware campaign acquired ransoms from a number of private sector victim firms.
Earlier this year, the law enforcement agency and the FBI jointly conducted an investigation to determine the scope of Andariel's hacking operations.
Ariel Hacker Group In an investigation regarding the origin of Andariel, it was found that it is a subgroup of the Lazarus Group.
The group has stolen up to 1.2 terabytes of data from South Korean enterprises and demanded 470 million won in Bitcoin as ransom from three domestic and international organizations.
According to a study conducted by Mandiant, it was revealed that Andariel is operated by the North Korean intelligence organization Reconnaissance General Bureau, which gathers intelligence for the regime's advantage by mainly targeting international enterprises, governmental organizations, defense companies, and financial services infrastructure.
Apparently, the ransomware group is also involved in cybercrime activities to raise funds for conducting its operation, using specially designed tools like the Maui ransomware and DTrack malware to target global businesses.
In February, South Korea imposed sanctions on Andariel and other hacking groups operating in North Korea for engaging in illicit cyber operations to fund the dictatorial regime's nuclear and missile development projects.
The threat actor has used a number of domestic and foreign crypto exchanges, like Bithumb and Binance, to launder the acquired ransom.
Till now, a sum of 630,000 yuan has been transferred to China's K Bank in Liaoning Province.
The hackers proceeded to redirect the laundered money from the K Bank branch to a location close to the North Korea-China border.
Seoul police noted that they have seized the domestic servers and virtual asset exchange used by Andariel to conduct their campaigns.
The owner of the account, that was used in transferring the ransom, has been detained.
The police have warned businesses of the threat actor and have advised them to boost their cybersecurity and update security software to the latest versions.
It has also been advised to organizations to encrypt any critical data, in order to mitigate any future attack.
Police are planning to investigate server rental companies to verify their subscribers' identities and to ensure that the servers have not been used in any cybercrime activity.
This Cyber News was published on www.cysecurity.news. Publication date: Fri, 08 Dec 2023 17:13:05 +0000