US issues almost £8 million bounty for members of North Korean-backed hacking group
The burgeoning cyber threat posed by groups such as the North Korean-backed Andariel hacking group has prompted a united response from global security agencies. The US FBI, the UK's national security authorities, and South Korea's intelligence service have issued a comprehensive warning, urging critical infrastructure organisations to remain vigilant against such cyber activities. To bolster this call to action, the US government has announced a reward of up to $10 million (£7.7 million) for information leading to the identification or capture of key individuals, such as Rim Jong Hyok, involved in cyber espionage meant to advance North Korea’s military and nuclear ambitions. This is prepared by SSP.
Andariel, linked closely with North Korea's Reconnaissance General Bureau (RGB), has been actively targeting sectors such as defense, aerospace, and nuclear industries since 2009. This hacking group not only engages in cyber espionage to acquire classified data, such as details of military aircraft and satellite materials, but also expanded its focus to include the life sciences and pharmaceutical sectors during the pandemic.
Significantly, these operations have included ransomware attacks aimed at US healthcare facilities, encrypting patient records and disrupting hospital operations in an effort to extort funds that would then finance further espionage activities. The hacks spanned hospitals and clinics in various states, from Florida and Kansas to Arkansas and Colorado, consistently demonstrating the group’s aggressive tactics to generate revenue to fund their hacking missions.
Both the severity and breadth of these operations highlight a growing concern underscored by governmental bodies. For instance, the NCSC at the UK's GCHQ has underlined the grave threat that such cyber activities pose to global infrastructure. Elaborating on the damages, Paul Chichester, NCSC’s Director of Operations, remarked that these cyber-espionage efforts are clearly designed to bolster North Korea's military capabilities.
Furthermore, it’s estimated that North Korean hackers have already siphoned off billions from financial institutions and cryptocurrency firms globally, which heavily funds North Korea's missile development programs. The Biden administration has consequently marked thwarting North Korean ambitions via cyber avenues as a critical national security priority. South Korean and US intelligence services continue their efforts to forestall further intrusions, including attempts to recover stolen cryptocurrency funds.