{"id":15199,"date":"2024-07-28T15:19:22","date_gmt":"2024-07-28T18:19:22","guid":{"rendered":"https:\/\/www.fie.undef.edu.ar\/ceptm\/?p=15199"},"modified":"2024-07-28T15:19:22","modified_gmt":"2024-07-28T18:19:22","slug":"estados-unidos-y-corea-del-sur-advierten-que-el-grupo-de-piratas-informaticos-norcoreano-andariel-tiene-como-objetivo-empresas-de-defensa-y-aeroespaciales","status":"publish","type":"post","link":"https:\/\/www.fie.undef.edu.ar\/ceptm\/?p=15199","title":{"rendered":"United States and South Korea warn that North Korean hacker group Andariel targets defense and aerospace companies"},"content":{"rendered":"<p>A group of North Korean hackers is at the center of a global cyber espionage effort to steal classified military information, the FBI announced today in a lengthy advisory alongside other US government agencies and their international counterparts. According to the statement from the United States, the United Kingdom and South Korea, Andariel, a purported North Korean state-sponsored cyber group, has attacked defense, aerospace, nuclear and engineering organizations to obtain classified technical and intellectual information to &#8220;advance the regime\u2019s military and nuclear programs and ambitions&#8221;.<\/p>\n<hr \/>\n<p>WASHINGTON \u2014 A group of\u00a0<a href=\"https:\/\/breakingdefense.com\/tag\/north-korea\/\" target=\"_blank\" rel=\"noopener\">North Korean<\/a>\u00a0hackers is at the center of a global cyber espionage effort to steal classified military information, the\u00a0<a href=\"https:\/\/breakingdefense.com\/tag\/fbi\/\" target=\"_blank\" rel=\"noopener\">FBI<\/a>\u00a0announced in a\u00a0<a href=\"https:\/\/www.cisa.gov\/sites\/default\/files\/2024-07\/aa24-207a-dprk-cyber-group-conducts-global-espionage-campaign.pdf\" target=\"_blank\" rel=\"noopener\">lengthy advisory 
today<\/a>\u00a0alongside other US government agencies and international counterparts.<\/p>\n<p>According to the US-UK-South Korean advisory, Andariel, a purported North Korean state-sponsored cyber group, has targeted\u00a0defense, aerospace, nuclear and engineering organizations to gain classified technical and intellectual information to \u201cadvance the regime\u2019s military and nuclear programs and ambitions.\u201d<\/p>\n<p>\u201cNorth Korea will continue to actively leverage cyber operations to further the strategic goals of the regime, whether that includes stealing and laundering cryptocurrency or conducting defense industrial espionage to advance their nuclear and conventional military capabilities,\u201d Jenny Jun, a research fellow on the CyberAI Project at the Center for Security and Emerging Technology who specializes in North Korean cyber capabilities, told Breaking Defense in an email.<\/p>\n<p>According to the advisory, the group targeted defense and engineering firms\u2019 computer systems in attempts to gain access to contracts, design drawings, bills of materials and other engineering documents that would divulge information on a variety of systems. 
These included:<\/p>\n<ul>\n<li aria-level=\"1\">Missile and missile defense systems<\/li>\n<li aria-level=\"1\">Submarines, torpedoes, unmanned underwater vehicles and autonomous underwater vehicles<\/li>\n<li aria-level=\"1\">Self-propelled howitzers<\/li>\n<li aria-level=\"1\">Ammunition supply vehicles<\/li>\n<li aria-level=\"1\">Combat ships and combatant craft<\/li>\n<li aria-level=\"1\">Fighter aircraft and unmanned aerial vehicles<\/li>\n<li aria-level=\"1\">Satellite and satellite communications<\/li>\n<li aria-level=\"1\">Shipbuilding and marine engineering<\/li>\n<\/ul>\n<p>The advisory did not state which specific firms in which countries have been targeted, though previous\u00a0<a href=\"https:\/\/en.yna.co.kr\/view\/AEN20231204005800315\" target=\"_blank\" rel=\"noopener\">media reports<\/a>\u00a0have alleged that networks of South Korean defense companies have been breached. The US government\u00a0<a href=\"https:\/\/www.state.gov\/rewards-for-justice-reward-offer-for-information-on-north-korean-malicious-cyber-actor-targeting-u-s-critical-infrastructure\/\" target=\"_blank\" rel=\"noopener\">separately alleged<\/a>\u00a0several US defense firms and military bases had been targeted, including a \u201cUS-based defense contractor\u201d whose network was successfully breached in November 2022.<\/p>\n<p>According to Michael Barnhart, a senior researcher at Google cybersecurity subsidiary Mandiant, the cyber thefts appear to have paid off for Pyongyang.<\/p>\n<p>\u201cThe missile launches that 
[North Korea] did in years past, those missile launches, they blew up on the launch pad. They were not good. They were exploding,\u201d Barnhart, Mandiant\u2019s Principal Analyst and North Korea threat-hunting team, told Breaking Defense. \u201cLook at what we\u2019re dealing with now. We have missile launches all the time. We\u2019re seeing them every day. We\u2019re seeing so much that we\u2019ve seen even in open source, that they\u2019re actually, you know, exporting some of their missile technologies to Russia in some of the conflicts there.\u201d<\/p>\n<p>\u201cThis is the group that if Kim Jong Un wants something done, something done in-house, \u2018Hey, we need a missile program, we need to do this,\u2019 Andariel\u2019s the one to go out and find the blueprints,\u201d he added.<\/p>\n<p>In concert with the FBI advisory, Mandiant released a\u00a0<a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/apt45-north-korea-digital-military-machine\" target=\"_blank\" rel=\"noopener\">report<\/a>\u00a0today detailing some of Andariel\u2019s purported exploits and upgrading the group, in Mandiant\u2019s eyes, to Advanced Persistent Threat (APT) 45.<\/p>\n<p><strong>Hospital Hacks And An \u2018Ongoing Threat\u2019<\/strong><\/p>\n<p>Today\u2019s tri-government advisory said the US, UK and South Korea \u201cbelieve the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide\u201d beyond their own borders, including but not limited to Japan and India.<\/p>\n<p>The advisory says Andariel was behind a series of\u00a0<a href=\"https:\/\/breakingdefense.com\/tag\/ransomware\/\" target=\"_blank\" rel=\"noopener\">ransomware<\/a>\u00a0attacks on healthcare providers, energy companies and financial institutions globally often using the software Maui. 
According to the advisory, Andariel funds its espionage operations by targeting this critical infrastructure.<\/p>\n<p>\u201cThe benefits of these activities are symbiotic. So without the ability to conduct these ransomware operations and receive payments, other cyber operations conducted by the DPRK would be difficult to continue. So North Korean cyber actors deploying ransomware, it feeds the cyber espionage on behalf of the military and nuclear programs and vice versa,\u201d an FBI official told reporters today.<\/p>\n<p>Alongside the advisory, the US Department of State announced a new,\u00a0<a href=\"https:\/\/www.state.gov\/rewards-for-justice-reward-offer-for-information-on-north-korean-malicious-cyber-actor-targeting-u-s-critical-infrastructure\/\" target=\"_blank\" rel=\"noopener\">$10 million reward<\/a>\u00a0for information leading to the identification of a North Korean national, Rim Jong Hyok, who was indicted by the Justice Department today for alleged links to Andariel and ransomware attacks.<\/p>\n<p>The Rewards for Justice notice said that on one occasion in 2022, Andariel \u201chacked a U.S.-based defense contractor from which they extracted more than 30 gigabytes of data, including unclassified technical information regarding material used in military aircraft and satellites, much of which was from 2010 or earlier.\u201d<\/p>\n<p>The State Department advisory said investigators \u201chave documented that Andariel actors victimized five healthcare providers, four U.S.-based defense contractors, two U.S. 
Air Force bases, and the National Aeronautics and Space Administration\u2019s Office of Inspector General.\u201d<\/p>\n<p><strong>Source:<\/strong> <a href=\"https:\/\/breakingdefense.com\/2024\/07\/us-south-korean-warn-north-korean-hacking-group-andariel-targets-defense-aerospace-firms\/\" target=\"_blank\" rel=\"noopener\"><em>https:\/\/breakingdefense.com<\/em><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A group of North Korean hackers is at the center of a global cyber espionage effort to steal classified military information, it was announced today by the&hellip; <\/p>\n","protected":false},"author":1,"featured_media":15200,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2,23,28],"tags":[],"_links":{"self":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/15199"}],"collection":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15199"}],"version-history":[{"count":1,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/15199\/revisions"}],"predecessor-version":[{"id":15201,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/15199\/revisions\/15201"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/media\/15200"}],"wp:attachment":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15199"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"htt
ps:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15199"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}