US, UK, and South Korea Sound the Alarm: North Korean Hackers Actively Stealing Military Secrets

In a joint advisory released on Thursday, the United States, Britain, and South Korea warned of an alarming cyber espionage campaign orchestrated by North Korean hackers. These hackers, identified as Andariel or APT45 by cybersecurity experts, have been relentlessly targeting classified military secrets worldwide to bolster Pyongyang’s prohibited nuclear weapons program.
The Shadowy World of APT45
Cybersecurity researchers have linked Andariel, or APT45, to North Korea’s intelligence agency, the Reconnaissance General Bureau. This agency has been sanctioned by the U.S. since 2015. The hackers have focused their attacks on a wide range of defense and engineering firms, targeting manufacturers of tanks, submarines, naval vessels, fighter aircraft, and missile and radar systems.
These targets are not limited to private companies. The advisory highlighted significant breaches at NASA, Randolph Air Force Base in Texas, and Robins Air Force Base in Georgia. These attacks illustrate the extensive reach and capabilities of North Korean hackers.
In February 2022, hackers infiltrated NASA’s computer system using a sophisticated malware script. They maintained unauthorized access for three months, extracting over 17 gigabytes of unclassified data. This incident underscores the persistent threat posed by these cyber operatives.
Global Impact and Persistent Threat
The joint advisory emphasized that North Korean hackers pose an ongoing threat to various industry sectors globally. The threat is not confined to the U.S., Britain, and South Korea. Entities in Japan, India, and other countries are also at risk. North Korea, formally known as the Democratic People’s Republic of Korea (DPRK), has a notorious history of using covert hacking teams to steal sensitive military information. These teams have become a crucial component of the nation’s strategy to overcome its international isolation.
To fund their operations, North Korean hackers have also turned to ransomware attacks. U.S. officials allege that they have targeted hospitals and healthcare companies, among others. In one notable case, a Kansas-based hospital paid a ransom in bitcoin after hackers encrypted four of its computer servers. The bitcoin was traced to a Chinese bank and then withdrawn from an ATM in Dandong, China, near the Sino-Korean Friendship Bridge.
The Manhunt for Rim Jong Hyok
On Thursday, the U.S. Justice Department charged Rim Jong Hyok, a suspected hacker, with conspiring to access computer networks in the United States and engaging in money laundering. The FBI is offering a reward of up to $10 million for information leading to the arrest of Rim, who is believed to be in North Korea.
FBI and Justice Department officials announced that they had seized several online accounts belonging to the hackers, including $600,000 in virtual currency. This money will be returned to the victims of ransomware attacks. “The global cyber espionage operation that we have exposed today shows the lengths that DPRK state-sponsored actors are willing to go to pursue their military and nuclear programmes,” said Paul Chichester of Britain’s National Cyber Security Centre.
The Scope of North Korean Hackers’ Cyber Attacks
The scale and sophistication of North Korean hackers were further highlighted in a Reuters report from August last year. The report revealed that an elite group of hackers had breached systems at NPO Mashinostroyeniya, a rocket design bureau in Reutov, a small town near Moscow. This attack, like many others, utilized common phishing techniques and computer exploits to gain access to internal computer systems.
These revelations are a stark reminder of the ongoing cyber threat posed by North Korean hackers. Their relentless pursuit of classified military secrets and their use of ransomware attacks to fund operations illustrate a multifaceted and persistent threat.
The global community must remain vigilant against these cyber operatives. Enhanced cybersecurity measures and international cooperation are crucial in defending against this rising threat. As the joint advisory from the U.S., Britain, and South Korea demonstrates, combating the menace of North Korean hackers requires a concerted and unified effort.
How big is the threat posed by North Korean hackers to global communication networks? What can governments do to prevent these cyber attacks?
