The United States, the United Kingdom, and South Korea issued a joint statement on Thursday (July 25), accusing North Korean hackers of launching a global cyber espionage operation to steal military secrets in support of Pyongyang’s internationally banned nuclear weapons program. At the same time, the United States filed charges against a North Korean hacker.
According to Reuters, the statement revealed that these hackers, known to cybersecurity researchers as Andariel or APT45, are believed to be part of the Reconnaissance General Bureau of the Korean People's Army, an entity sanctioned by the United States in 2015.
The statement highlighted that this cyber unit has targeted or infiltrated computer systems of various defense or engineering companies, including manufacturers of tanks, submarines, naval vessels, fighter jets, missiles, and radar systems.
Officials from the FBI and the U.S. Justice Department stated on Thursday that American victims also include the National Aeronautics and Space Administration (NASA), the Randolph Air Force Base in Texas, and the Robins Air Force Base in Georgia.
Prosecutors in the United States said that in an attack against NASA in February 2022, the hackers used malicious code to gain unauthorized access to NASA's computer systems for three months, extracting over 17GB of non-classified data.
The statement further declared, “Government agencies drafting this statement believe that this organization and its cyber capabilities continue to pose a persistent threat to various industry sectors globally, including but not limited to entities in the United States, Japan, and India.”
Isolated internationally, North Korea has long relied on covert hacker groups to steal sensitive military information.
U.S. officials indicated that, to fund their operations, the hackers carried out ransomware attacks on American hospitals and healthcare companies.
On Thursday, the U.S. Justice Department announced charges against a suspect named Rim Jong Hyok, accused of conspiring to access U.S. computer networks and money laundering.
One of the ransomware attacks attributed to Rim Jong Hyok involved a hospital in Kansas that was breached in May 2021; the hospital paid a ransom after the hackers encrypted four of its computer servers.
The indictment mentioned that the hospital paid the ransom in bitcoin, which was then transferred to a Chinese bank and withdrawn from an ATM in Dandong, China, located near the China-North Korea Friendship Bridge connecting Dandong and Sinuiju in North Korea.
The FBI announced a reward of up to $10 million for information leading to the arrest of Rim Jong Hyok, who is believed to be in North Korea.
FBI and Justice Department officials told reporters on Thursday that they have seized some online accounts belonging to these hackers, including $600,000 in virtual currency, which will be returned to the ransomware victims.
Paul Chichester from the National Cyber Security Centre in the UK stated, “The global cyber espionage operation we have exposed today demonstrates that actors supported by the North Korean regime are willing to take risks to pursue their military and nuclear programs.”
Last August, Reuters reported exclusively that elite North Korean hackers successfully breached the computer systems of the Russian missile development giant, NPO Mashinostroyeniya, located in the town of Reutov on the outskirts of Moscow.
APT45, affiliated with North Korea's Reconnaissance General Bureau intelligence agency, used common phishing techniques and software vulnerabilities to infiltrate the systems of NPO Mashinostroyeniya.
