North Korean Hackers Target Military Secrets
- North Korean hackers targeted military secrets globally for their nuclear weapons program.
- The US, Britain, and South Korea issued a joint advisory regarding the cyber espionage campaign.
- Efforts were made to steal classified military information to support Pyongyang's nuclear ambitions.
In a joint advisory released on July 25, the United States, Britain, and South Korea revealed that North Korean hackers, identified as Andariel or APT45, are conducting a widespread cyber espionage campaign aimed at stealing classified military secrets to bolster Pyongyang’s illicit nuclear weapons program. These hackers are believed to be affiliated with North Korea’s Reconnaissance General Bureau, which has been under U.S. sanctions since 2015.

Notable victims include NASA, Randolph Air Force Base, and Robins Air Force Base; the hackers allegedly gained unauthorized access to NASA’s systems and extracted over 17 gigabytes of unclassified data. The advisory highlights that the cyber techniques employed by APT45 pose an ongoing threat to various sectors globally, particularly affecting entities in the U.S., Japan, and India.

North Korea has a notorious history of utilizing covert hacking teams to acquire sensitive military information, and U.S. officials have indicated that these operations are often funded through ransomware attacks targeting healthcare institutions. The U.S. Justice Department has charged Rim Jong Hyok, a suspect linked to these cyber activities, with conspiracy to access U.S. computer networks and money laundering. One significant incident involved a Kansas hospital that paid a ransom in Bitcoin after its servers were encrypted by the hackers. The funds were subsequently transferred to a Chinese bank and withdrawn near the North Korean border. Additionally, U.S. authorities have reported seizing online accounts belonging to the hackers, recovering $600,000 in virtual currency intended for victims of the ransomware attacks.

The advisory underscores the persistent threat posed by North Korean cyber operations, which continue to exploit vulnerabilities through phishing and other techniques to infiltrate targeted organizations.