
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime's Military and Nuclear Programs

Published 25/07/2024 19:26 · Modified 25/07/2024 20:29


Essential information

Published: 25/07/2024 19:26
Modified: 25/07/2024 20:29
Tags: 2024-07-25, cisa
Related entities: 60 observables, 1 intrusion set (APT), 21 techniques (MITRE), 22 malware, 8 others

Description

The U.S. Federal Bureau of Investigation (FBI) and several partner agencies are releasing this advisory to highlight a North Korean state-sponsored cyber group known as Andariel, operating under the Reconnaissance General Bureau (RGB) 3rd Bureau. This group primarily targets defense, aerospace, nuclear, and engineering entities to obtain sensitive technical data to advance North Korea's military and nuclear programs. The actors gain initial access through exploitation of public-facing web servers, move laterally using remote access tools, and exfiltrate data over alternative protocols. They also conduct ransomware operations against healthcare entities to fund their espionage activities.

External references