North Korean hackers have launched a global cyber espionage campaign aimed at stealing classified military secrets to bolster Pyongyang’s banned nuclear weapons program, according to a joint advisory released on Thursday by the United States, Britain, and South Korea.
Known as Anadriel or APT45 by cybersecurity experts, these hackers are believed to be part of North Korea’s Reconnaissance General Bureau, an intelligence agency sanctioned by the US in 2015. This cyber unit has infiltrated computer systems at various defense and engineering firms, targeting manufacturers of tanks, submarines, naval vessels, fighter aircraft, and missile and radar systems.
The advisory detailed breaches at US entities such as the National Aeronautics and Space Administration (NASA), Randolph Air Force Base in Texas, and Robins Air Force Base in Georgia. In February 2022, hackers accessed NASA’s systems for three months, extracting over 17 gigabytes of unclassified data.
“The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide, including but not limited to entities in their respective countries, as well as in Japan and India,” the advisory stated.
North Korea, officially known as the Democratic People’s Republic of Korea (DPRK), has a history of covert hacking operations to steal sensitive military information. To fund their activities, the hackers have also targeted US hospitals and healthcare companies with ransomware attacks, U.S. officials allege.
On Thursday, the US Justice Department charged Rim Jong Hyok with conspiring to access computer networks in the United States and money laundering, highlighting the ongoing threat posed by North Korean cyber activities.
