North Korean hackers stole some 250 cutting-edge technologies including weapons programs from South Korean businesses and research centers, Seoul police said Monday.
Police said the North Korean hacking group Andariel hacked 1.2 terabytes worth of files from South Korean defense companies, major conglomerates, IT businesses, research centers, drug makers and universities between December 2022 and March this year. Andariel has been targeting South Korean organizations since 2008.
The hackers took advantage of South Korean servers for rent, which do not require background checks to use. They rented them from Gmail and other e-mail addresses to launch their attacks.
When investigators traced the e-mail accounts, they led back to Ryugyong-dong in the North Korean capital Pyongyang. A total of 83 connections to the e-mail accounts were made from Ryugyong-dong, which is also the location of North Korea’s highest building, the Ryugyong Hotel as well as the North’s communications and informatics centers.
“It’s extremely rare to discover in a hacking investigation that connections were made directly from Pyongyang,” an investigator said.
Andariel’s main targets were defense-related entities. Among their loot were designs for laser anti-aircraft weapons that can shoot down drones and fighter jets as well as sensors used to detect enemy attacks.
The South Korean military developed the laser weapon in April of this year and plans to begin production next year.
“We believe that scores of businesses were targets, and most of them didn’t even know they were hacked,” the investigator said. “Some businesses didn’t report the attacks for fear of damaging their corporate image, so the actual damage could be even bigger.”
Andariel spread ransomware programs targeting three South Korean and overseas companies in 2021 that destroyed their computers systems and made off with W470 million worth of Bitcoins that they had extorted for repairing the damage (US$1=W1,306).
They then laundered the extorted money through cryptocurrency exchanges Bithumb and Binance before exchanging W110 million of the money into Chinese yuan through a middleman in China. The money was then sent to an account in a Chinese bank in Liaoning Province and withdrawn in the border city of Dandong. Police believe it was taken to North Korea from there and are tracking the remaining W300 million.
The investigation of Andariel started after the FBI probed a hacking attack on American hospitals in Kansas in 2021. It found that North Korean hackers spread a ransomware called Maui during the coronavirus pandemic to cripple U.S. hospital servers and extorted US$500,000 in exchange for repairing the damage. The FBI asked South Korean authorities for help when it learned that the e-mail accounts and server used in that attack were based here.
- Copyright © Chosunilbo & Chosun.com
