Seoul has accused hackers from North Korea of stealing classified details regarding a new laser weapon system and crucial defense information. The cyber intrusion, attributed to the North Korean hacking group Andariel, allegedly involved the illicit acquisition of 1.2 terabytes of data from 14 entities, encompassing South Korean defense and research organizations.
The stolen information includes details on advanced anti-aircraft weaponry, prompting joint efforts by the Seoul Metropolitan Police Agency and the US Federal Bureau of Investigation (FBI) to assess the extent of the data breach orchestrated by Andariel.
The alleged cyber espionage targeted various sectors, with the North Korean state-sponsored hacking group reportedly infiltrating South Korean defense firms, research institutes, and pharmaceutical companies. Authorities are actively collaborating to investigate the incident, seeking to comprehend the full scope of the breach and assess potential implications for South Korea’s national security.
The US Department of the Treasury described Andariel in 2019 as a North Korean state-sponsored malicious cyber group. The Seoul Metropolitan Police Agency, working with the US Federal Bureau of Investigation (FBI), is investigating the incident and has found that Andariel accessed proxy servers 83 times between December and March.
The investigation further uncovered that the hacking group extorted approximately $357,000 in Bitcoin from three domestic and foreign companies as ransom, in addition to the theft of 1.2 terabytes of data from South Korean organizations.
In 2021, a similar pattern emerged, with approximately $400 million worth of cryptocurrency being siphoned off. The cyber operations appear to be part of North Korea’s efforts to finance its missile program, with the regime resorting to various unconventional means, such as forging foreign currency, committing insurance fraud, and engaging in the production and sale of illegal drugs and weapons.
North Korean hackers, despite previous denials from Pyongyang, are being implicated in cyberattacks that have resulted in substantial financial gains, with millions of dollars reportedly netted.
Authorities revealed that a portion of the ransom money has been redirected to Pyongyang, with approximately 110 million won sent to a Chinese bank through the financial account of a foreign woman.
Police are investigating potential money laundering involvement by the woman and are scrutinizing her financial records. Experts express concerns about North Korea resorting to cryptocurrency theft as a means of financing its nuclear arsenal, especially in the face of extensive international sanctions.
Despite being subject to numerous international restrictions due to its nuclear weapons and ballistic missiles development, North Korea appears to have secured its cyber capabilities. The country reportedly deploys an army of skilled hackers numbering in the thousands, who raise money to fund the state’s weapons programs.
Last year, South Korea’s spy agency alleged that North Korean cyber-criminals, operating under government directives, stole 1.2 billion won in virtual assets, contributing to a total of 1.5 trillion won over the past three years.