North Korean hackers are stealing military secrets, US and allies say
North Korean hackers have conducted a global cyber espionage campaign in efforts to steal classified military secrets to support Pyongyang’s banned nuclear weapons programme, the United States, Britain and South Korea said in a joint advisory on Thursday.
The hackers, dubbed Andariel or APT45 by cybersecurity researchers, are believed to be part of North Korea’s intelligence agency known as the Reconnaissance General Bureau, an entity sanctioned by the US in 2015.
The cyber unit has targeted or breached computer systems at a broad variety of defence or engineering firms, including manufacturers of tanks, submarines, naval vessels, fighter aircraft, and missile and radar systems, the advisory said.
Victims in the US have also included the National Aeronautics and Space Administration (Nasa), Randolph Air Force Base in Texas and Robins Air Force Base in Georgia, FBI and US Justice Department officials said on Thursday.
In the February 2022 targeting of Nasa, the hackers used a malware script to gain unauthorised access to its computer system for three months, US prosecutors allege. Over 17 gigabytes of unclassified data were extracted.
“The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide, including but not limited to entities in their respective countries, as well as in Japan and India,” the advisory said.
Internationally isolated North Korea, known formally as the Democratic People’s Republic of Korea (DPRK), has a long history of using covert hacking teams to steal sensitive military information. To fund their operations, the hackers used ransomware to target US hospitals and healthcare companies, US officials allege.
On Thursday, the US Justice