FBI, NSA and GCHQ Warn Organisations of Hack Threat
A new threat actor has been detected, and it's concerning enough that the UK's National Cyber Security Centre (NCSC) and US FBI and NSA have issued a warning to organisations over it.
The NCSC, a component of the UK Government’s intelligence office GCHQ, issued an advisory in collaboration with the US and South Korea warning of the activities of a cyber threat group known as Andariel.
"The global cyber espionage operation that we have exposed today shows the lengths that [North Korean] state-sponsored actors are willing to go to pursue their military and nuclear programs," said Paul Chichester at the NCSC.
This group, believed to be part of North Korea's Reconnaissance General Bureau (RGB) 3rd Bureau, has been infiltrating organisations across various sectors, including defence, aerospace, nuclear, engineering, medical, and energy.
Briefing on the threat
Andariel's primary objective is to steal sensitive and classified technical information and intellectual property. The advisory details how the group targets contract specifications, design drawings, and project details.
The group has been known to use software vulnerabilities to launch cyberattacks, including malware and phishing, to access sensitive data and information.
Although the focus being warned about is high-value technical data, which would affect a smaller number of organisations, North Korean hackers have been making headline news over the past few months due to their increased activity.
In July, cybersecurity company KnowBe4 found out one of its remote workers was actually a North Korean hacker after he infected his new company laptop with malware.
Although no ‘illegal’ access was gained, it shows how geopolitical actors are putting increasing pressure on companies’ cybersecurity in a myriad of ways.
Andariel has demonstrated a concerning evolution in their tactics. Specialised in cyber espionage and ransomware operations, the group has been observed launching ransomware and espionage attacks on the same victim simultaneously.
“The revelation that North Korean state-sponsored actors, particularly the Andariel group, are aggressively targeting critical infrastructure and sensitive sectors such as defence, aerospace, nuclear, and healthcare is a strong reminder of the evolving cyber threat landscape,” Andy Ward, VP International of cybersecurity company Absolute Security, said following the report.
Andy went on to highlight how 47% of businesses reported an increase in state-sponsored cyber threats over the past year.
Compounding these concerns, recent reports from cybersecurity firms Imperva, NETSCOUT, and F5 Labs have revealed a dramatic doubling in Distributed Denial of Service (DDoS) attacks.
While the surge is not directly linked to the North Korean campaign, links were made between it and the rising geopolitical tensions around the world.
Imperva's report noted a 519% increase in DDoS attacks targeting Ukraine, along with significant surges in attacks on Israel (118%); NETSCOUT’s report highlighted a peak of 1,016 DDoS attacks in a single day targeting Romania in 2024.
The telecommunications sector, which is deemed crucial infrastructure of a nation, has been particularly hard-hit, with Imperva reporting a 548% rise in application layer DDoS attacks targeting telecom and ISP sectors.
Taking the threat head on
This vulnerability of critical infrastructure or sensitive data to cyber attacks poses significant risks to national security and economic stability. The fact that all these governmental agencies have issued a joint alert highlights the severity of the issue.
As the cyber threat landscape continues to evolve, organisations must adapt their defence mechanisms.
“A defence strategy built on cyber resilience can ensure security teams have continuous visibility over networks, devices and applications to detect suspicious behaviour, while providing response protocols to prevent cybercriminals breaching the entirety of a network,” Andy concludes.
Continuous monitoring, advanced threat detection, and robust incident response protocols are essential. The NCSC advisory provides technical details and mitigation advice to help defend against these sophisticated actors.
As state-sponsored cyber operations become more complex and DDoS attacks surge, collaboration between government agencies and private sector entities will remain a vital part of threat intelligence procedures and be crucial in building a resilient global cyber defence infrastructure.
Cyber Magazine is a BizClik brand