The notorious North Korean state-sponsored cybercriminal organisation known as Andariel allegedly targeted three different organisations in the United States a couple of months ago.
Based on reports, these August cyberattacks against US-based entities were all financially motivated. Researchers stated that the DPRK threat actors failed to launch their ransomware tools on the targeted organisations, but the campaigns clearly indicate a financial purpose.
Andariel is a threat actor suspected of being a sub-cluster of the well-known North Korean-backed Lazarus Group. It has been active since at least 2009 and has operated under several aliases, such as Nickel Hyatt, Onyx Sleet, APT45, DarkSeoul, Operation Troy, Silent Chollima, and Stonefly.
The hacking crew, which is part of North Korea’s Reconnaissance General Bureau (RGB), has a history of deploying ransomware strains like SHATTEREDGLASS and Maui and developing multiple custom backdoors like Dtrack, TigerRAT, Black RAT, Dora RAT, and LightHand.
The group’s lesser-known tools include a data wiper nicknamed Jokra and an advanced implant called Prioxer. The latter allows its operators to send further instructions to the payload and exchange data with it through an attacker-controlled C2 server.
Last July, the US prosecuted a North Korean military intelligence operative who was a member of the advanced persistent threat group over its alleged participation in ransomware attacks on various entities, including healthcare facilities. The threat group also used the stolen funds to fund other hacks against sectors such as defence, technology, and government agencies worldwide.
This APT group’s latest campaign has allegedly involved the deployment of Dtrack and another backdoor called Nukebot, which can execute instructions, download and upload data, and take screenshots.
The researchers have yet to determine how these threat actors gain initial access to targeted devices. However, past campaigns show that Andariel is notorious for exploiting known N-day security flaws in internet-facing applications to infiltrate target networks.
US-based organisations have been the primary target of North Korean hacking groups. Strengthening cyber defences and improving cybersecurity hygiene, such as promptly patching internet-facing applications, therefore remain the best ways to prevent or mitigate these cyberattacks.