NSA warns of North Korea cyber espionage campaign
On July 25, the National Security Agency (NSA) joined the Federal Bureau of Investigation (FBI) and others in releasing the joint Cybersecurity Advisory (CSA), “North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs.” The CSA includes detection methods and mitigation measures to help counter the malicious activity.
This CSA details cyber espionage activity of the Democratic People’s Republic of Korea (DPRK) Reconnaissance General Bureau (RGB) 3rd Bureau. The group primarily targets defense, aerospace, nuclear, and engineering entities to obtain sensitive and classified technical information and intellectual property to advance the regime’s military and nuclear programs and ambitions. The authoring agencies assess this group poses an ongoing threat to various industry sectors worldwide, including, but not limited to, entities in the United States, South Korea, Japan, and India. The group funds their espionage activity through ransomware operations against U.S. healthcare entities.
“As North Korean state-sponsored cyber actors evolve their operations to attempt to infiltrate vital systems, we will pivot to counteract these actions,” said NSA Cybersecurity Director Dave Luber. “This joint advisory includes detailed techniques this group employs and various detection and mitigation methods to empower the international cybersecurity community to continue improving how we prevent and respond to compromises.”
The cybersecurity industry provides overlapping cyber threat intelligence related to this 3rd Bureau group using the names of Andariel, Onyx Sleet, and DarkSeoul, among others. Cybersecurity companies have different methods of tracking and attributing cyber actors, and this may not be a 1:1 correlation to the U.S. Government’s understanding for all activity related to these groupings.
Source: NSA
Like IC News? Then please consider subscribing. You’ll get full access to our searchable library of 10,000+ articles, plus new articles each weekday.