Andariel

Andariel is a state-sponsored cyber organization based in Pyongyang and Sinuiju, North Korea. It operates under the Reconnaissance General Bureau's (RGB) 3rd Bureau. Andariel has been active since around 2009 and focuses on espionage. Initially targeting defense contractors and military organizations, it has expanded its scope to include nuclear weapons information and, during the pandemic, organizations in the life sciences and pharmaceutical sector.

Andariel's primary objective is to steal sensitive and classified technical information, intellectual property, and military secrets. It has compromised organizations globally, seeking to further North Korea's military and nuclear ambitions. The group poses an ongoing threat to critical infrastructure organizations worldwide, including defense, financial services infrastructure, aerospace, nuclear, engineering, medical, and energy sectors.

www.trendmicro.com

https://www.trendmicro.com/en_us/research/18/g/new-andariel-reconnaissance-tactics-hint-at-next-targets.html

cloud.google.com

https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine

attack.mitre.org

https://attack.mitre.org/groups/G0138/

www.microsoft.com

https://www.microsoft.com/en-us/security/blog/2024/07/25/onyx-sleet-uses-array-of-malware-to-gather-intelligence-for-north-korea/

cloud.google.com

https://cloud.google.com/blog/topics/threat-intelligence/mapping-dprk-groups-to-government/

www.ic3.gov

https://www.ic3.gov/Media/News/2024/240725.pdf

www.ncsc.gov.uk

https://www.ncsc.gov.uk/news/ncsc-partners-vigilant-dprk-sponsored-cyber-campaign

home.treasury.gov

https://home.treasury.gov/news/press-releases/sm774