South Korean police are actively investigating whether the North Korean hacker group accused of breaching data from 14 entities managed to obtain information on defense technology, including an anti-aircraft laser, according to a statement from a Seoul city police official on Wednesday.
The ongoing probe, conducted in collaboration with the U.S. Federal Bureau of Investigation (FBI), aims to ascertain the scope of data accessed by the group known as Andariel, Jeong Jin-ho, the head of a team at the Seoul Metropolitan Police Agency handling the case, told Reuters.
This week, local media reported that the pilfered data encompassed crucial South Korean defense secrets. The targeted entities included South Korean defense firms, research institutes, and pharmaceutical companies, as stated in a previous police release. The hackers seized 250 files, totaling 1.2 terabytes of data.
Police disclosed that a proxy server established by the group was accessed 83 times in a district of the North Korean capital Pyongyang between last December and March. The server facilitated access to the websites of the targeted firms and institutions, with the group exploiting a South Korean hosting service that leases servers to unidentified clients.
Additionally, the hackers extorted 470 million won ($357,866) in bitcoin from three South Korean and foreign firms through ransomware attacks, according to police reports. North Korean hackers have a history of cyberattacks resulting in significant financial gains, even though Pyongyang has consistently denied involvement in cybercrime. In 2019, the U.S. Department of the Treasury listed Andariel as a North Korean state-sponsored hacking group that focuses on conducting malicious cyber operations against foreign businesses, government agencies, and the defense industry.
In connection with the ransomware attacks, police are investigating a foreign woman, as some of the bitcoin was transferred through her bank account and subsequently withdrawn at a bank in China. The woman has denied any wrongdoing and is currently subject to further investigation.