North Korean hackers target U.S. defense firms, State Dept. offers $10 million reward for information

MXM Exclusive

Quick Hit

North Korean hackers have launched a global cyber espionage campaign targeting defense firms and NASA. The U.S. State Department is offering a $10 million reward for information on those responsible.

Key Details

  • Global Campaign: The hackers, known as Andariel or APT45, targeted defense and engineering firms worldwide, including entities like NASA and various U.S. Air Force bases.
  • Charges and Reward: The U.S. has charged Rim Jong Hyok with cybercrimes and is offering up to $10 million for information leading to his arrest or identification of others involved.
  • Impact on Infrastructure: These cyber operations have compromised critical U.S. infrastructure, extracting sensitive military data and disrupting healthcare services through ransomware.

Diving Deeper

North Korean hackers have conducted a global cyber espionage campaign to steal classified military secrets and support Pyongyang's banned nuclear weapons program, according to a joint advisory from the United States, Britain, and South Korea. The hackers, dubbed Andariel or APT45 by cybersecurity researchers, are believed to be part of North Korea's intelligence agency, the Reconnaissance General Bureau, which has been sanctioned by the U.S. since 2015.

The advisory highlights that the cyber unit has targeted or breached computer systems at various defense and engineering firms, including manufacturers of tanks, submarines, naval vessels, fighter aircraft, and missile and radar systems. U.S. victims have included NASA, Randolph Air Force Base in Texas, and Robins Air Force Base in Georgia.

To fund their operations, the hackers also used ransomware to target U.S. hospitals and healthcare companies. On Thursday, the U.S. Justice Department charged Rim Jong Hyok with conspiring to access U.S. computer networks and money laundering. One of the ransomware incidents involved a May 2021 hack against a Kansas-based hospital, which paid a ransom in bitcoin. The payment was traced to a Chinese bank and withdrawn from an ATM in Dandong, China.

Paul Chichester, a senior official at Britain's National Cyber Security Centre, emphasized the severity of the threat posed by North Korean state-sponsored actors in pursuing their military and nuclear programs. This sentiment was echoed in a recent exclusive report by Reuters, which revealed that North Korean hackers breached systems at NPO Mashinostroyeniya, a rocket design bureau near Moscow.

The U.S. Department of State’s Rewards for Justice program, administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information leading to the identification or location of any person engaged in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act.

Rim Jong Hyok and the Andariel group have conspired to hack U.S. hospitals and other healthcare providers, install ransomware, and extort ransoms, using the proceeds to fund further cyber operations targeting U.S. government entities and defense contractors. In one operation beginning in November 2022, the group extracted over 30 gigabytes of data from a U.S.-based defense contractor, including technical information on military aircraft and satellites.
