Cybersecurity News that Matters

North Korean hackers stole 250 files linked to defense technologies

by Kuksung Nam

Dec. 06, 2023
12:35 PM GMT+9

South Korean police are investigating a group of North Korea-affiliated hackers for their involvement in stealing approximately 250 files of data related to the nation’s defense technologies.

On December 4, the Seoul Metropolitan Police stated in a press release that North Korea-affiliated cybercriminals carried out attacks against multiple South Korean companies, including those in the defense industry, pharmaceutical firms, and research centers, gaining access to 1.2 terabytes worth of data in total. Among the stolen information, the police explained, was data on crucial technologies; the most concerning theft was 250 files of essential data, including information on the country’s anti-aircraft defense systems.

The South Korean police, who worked jointly with the Federal Bureau of Investigation (FBI), attribute the cyberattack to the North Korean hacking group Andariel. Andariel is believed to be a sub-group of the Lazarus Group, a team of malicious actors based in North Korea infamous for launching hacking attacks to steal cryptocurrencies for the benefit of the government of North Korea.

Law enforcement officials investigated the cybercriminal’s Gmail account and discovered that the hackers used South Korean servers as a strategic foothold from which to launch their attacks. The North Korean hackers were able to abuse the local servers by utilizing a domestic hosting service which lets people with ambiguous identities use its service as long as a fee is paid. According to the statement, the cybercriminals accessed the South Korean servers 83 times from Ryugyong-dong in Pyongyang from December of last year to March of this year.

The police further disclosed that the North Korean hackers extorted 470 million won ($360,000) worth of bitcoin in ransomware payments from three different companies, both in South Korea and abroad. A portion of the illicit proceeds was laundered through the account of a middleman, with around 110 million won ($84,000) being transferred to a Chinese bank in Liaoning province. The police suspect that the payment was funneled into North Korea by way of a withdrawal of funds made in one of the bank’s branches situated on the Chinese-North Korean border.

“We are conducting an investigation to determine exactly where the hackers exported the [anti-aircraft] technology,” said an official of the Advanced National Security Investigation Team of the Seoul Metropolitan Police to The Readable. The official explained that they could disclose no further details, such as the middleman’s age and nationality, as the investigation is still ongoing.

Meanwhile, on December 5, the South Korean ruling party called for the swift enactment of the Framework Act on Cybersecurity as a means to mitigate escalating threats posed by North Korean hackers.

“According to the intelligence authorities, North Korea executed between 900,000 and 1,000,000 hacking attempts on average per day in the first half of this year,” said Yu Eui-dong, a South Korean lawmaker and member of the People Power Party’s policy committee, during a meeting. “We need to enact a cybersecurity framework quickly, which is still dormant in congress, and establish a national cybersecurity response system.”


