Andariel, a North Korean hacking organization, has stolen digital data containing key technologies from South Korean defense firms and repatriated part of the money they acquired via ransomware attacks on other firms, police said Monday.
The Seoul Metropolitan Police Agency made the findings in collaboration with the United States Federal Bureau of Investigation, and an investigation is currently under way into the case, police officials said.
Andariel is known to be controlled by the Reconnaissance General Bureau, North Korea’s primary intelligence bureau.
Andariel used a loosely monitored South Korean server rental company to access the websites of South Korean firms and institutions 83 times from Pyongyang’s Ryugyong-dong district from December last year to March.
The hacking group eventually infiltrated websites belonging to dozens of South Korean firms and organizations, including an IT service affiliate of a South Korean conglomerate, as well as research centers, universities, defense firms and financial institutions dealing with high-level science and technologies.
As a result of the attacks, digital data containing key defense technologies, such as information on laser-based air defense weapons, as well as the personal information of website users were leaked, the police officials said.
The leaked data amounts to 1.2 terabytes in volume, the officials said.
Andariel is also assumed to have pocketed 470 million won ($360,153) worth of digital coins via ransomware attacks on three South Korean firms, with some of the ransoms believed to have been sent back to North Korea.
According to police findings from local and overseas virtual asset exchanges, about 110 million won was transferred to a Chinese bank using the financial account of a foreign woman, and the funds were then withdrawn at a bank outlet located in an area along the China-North Korea border.
Police suspect the funds were eventually funneled to North Korea, and are currently looking into the foreign woman’s financial and mobile communication records to confirm whether she served as a channel for money laundering.
Source: Korea Times