North hacked 14 South Korean entities, including defense contractors, police say | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Kim Jong-un speaks before an audient at an event on Sunday. [KOREAN CENTRAL TV/YONHAP]

A North Korean hacking organization stole major technology data, including those from South Korean defense contractors.  
According to the Seoul Metropolitan Police Agency on Monday, in a joint investigation with the U.S. Federal Bureau of Investigation, North Korean hacking group Andariel since last year has hacked the server of 14 entities, including South Korean defense contractors, research institutes, pharmaceutical companies and subsidiaries large corporations.
Andariel is suspected of stealing technology data, including laser anti-aircraft defense systems and the servers’ ID and password.
The data the North Korean hacking group reportedly stole is estimated to be roughly 1.2 terabytes.

The North Korean hacking group seemed to have hacked the entities through a South Korean server rental company.
The entities that were hacked were unaware of the hacking attacks until the police notified them.
The police said they could not disclose how hackings occurred as they are still investigating the case.
Andariel is a hacking organization specialized in stealing military intelligence. The U.S. Treasury Department has listed it as one of the three hacking organizations backed by North Korea, including the Lazarus Group and Bluenoroff in 2019.
The hackers’ identities were caught after an internet protocol (IP) address was traced. The e-mail a detected hacker used had an IP address that was traced to Ryugyong-dong, Pyongyang.
The police also found the North Korean hacking group Andariel, between 2021 and April this year, extorted 470 million won worth of cryptocurrency after destroying servers using ransomware in three entities it hacked.
The police found that extorted money was wired to North Korea through a cryptocurrency account owned by a foreign woman living in Korea.
The woman was a former employee of a Hong Kong-based foreign exchange company.
According to the police, roughly 630,000 yuan or 110 million won worth of cryptocurrency was wired once in 2021 and another in 2022 to a Chinese bank in Liaoning Province, China, where it was withdrawn.
The police said that they have launched an investigation against the woman since July and are looking into the woman’s financial accounts and mobile phone.
The police said they have secured roughly 50,000 computer files and are looking into the connection between the woman and the North Korean hacking group.

BY LEE HO-JEONG [[email protected]]


Click Here For The Original Story From This Source.

National Cyber Security