2025-01-24
Ahnlab
RID Hijacking Technique Utilized by Andariel Attack Group
#Andariel
Andariel
the Maiden of Anguish
"While analyzing a series of recent intrusion incidents and attempts in Korea, the Financial Security Institute identified a new group linked to Lazarus. Tracking their activity, it found that although some similarities with malware used in the past 3.20 cyber terror attack (DARKSEOUL) were confirmed, most of the malware was of a new type, and it also had code patterns and attack methods different from those of the malware of the BlueNoroff group, which since last year has attacked global financial companies and domestic financial companies by exploiting vulnerabilities in network separation solutions. Accordingly, it judged that, around 2014, for reasons such as an organizational split within the Lazarus Group, two threat groups with different TTPs (attack methods) were attacking different targets at the same time, and named this threat group Andariel."
- FSI, https://www.fsec.or.kr/common/proc/fsec/bbs/163/fileDownLoad/3126.do
"Andariel is a North Korean state-sponsored threat group that has been active since at least 2009. Andariel has primarily focused its operations--which have included destructive attacks--against South Korean government agencies, military organizations, and a variety of domestic companies; they have also conducted cyber financial operations against ATMs, banks, and cryptocurrency exchanges."
- MITRE, https://attack.mitre.org/groups/G0138/
"Andariel is the Act Boss of the first act of Diablo II and is found on the fourth level of the Catacombs. The first rooms are filled with undead and demonic minions; it is usually best to clear them so you can focus on Andariel herself."
- DiabloWiki, https://diablo.fandom.com/wiki/Andariel
"A subgroup of Lazarus Group, Hidden Cobra, Labyrinth Chollima."
- ETDA, https://apt.etda.or.th/cgi-bin/showcard.cgi?u=00089621-cabc-421a-b2ce-3fd18f6bfa9c
"Andariel Threat Actor Intelligence Profile"
- Cybergeist, https://cybergeist.io/profile/andariel
"Andariel is a North Korean state-sponsored threat group that has been active since at least 2009. Andariel has primarily focused its operations–which have included destructive attacks–against South Korean government agencies, military organizations, and a variety of domestic companies; they have also conducted cyber financial operations against ATMs, banks, and cryptocurrency exchanges."
- CyberMaterial, https://cybermaterial.com/andariel-lazarus-group-threat-actor/
Also known as
Name | Named by | AKA | First seen | Last seen |
---|---|---|---|---|
APT45 | Mandiant | Andariel | 2024-07-26 | 2025-02-12 |
Andariel | FSI | - | 2017-07-27 | 2025-01-24 |
Clasiopa | Symantec | Andariel | 2023-02-23 | 2023-02-23 |
DEV-0530 | Microsoft | Plutonium | 2022-07-14 | 2022-07-14 |
G0138 | MITRE | Andariel | 2021-09-29 | 2021-09-29 |
Hive0079 | IBM | Andariel | - | - |
JumpyPisces | PaloaltoNetworks | Andariel | 2024-06-28 | 2024-10-30 |
NickelHyatt | SecureWorks | Andariel | - | 2024-10-08 |
OnyxSleet | Microsoft | Plutonium | 2023-04-19 | 2024-09-11 |
Plutonium | Microsoft | Andariel | 2022-11-07 | 2022-11-07 |
RedLight | KRCERT | Andariel | - | - |
SectorA04 | NSHC | Andariel | 2020-03-12 | 2025-02-11 |
SilentChollima | CrowdStrike | Andariel | 2014-04-21 | 2024-12-13 |
Stonefly | Symantec | Andariel | 2022-04-27 | 2024-10-02 |
Storm-0530 | Microsoft | DEV-0530 | 2023-04-19 | 2023-04-18 |
TA430 | Proofpoint | Andariel | 2024-01-01 | 2024-01-01 |
UNC4131 | Mandiant | Andariel | 2023-04-18 | 2023-04-18 |
UNC4369 | Mandiant | Andariel | 2023-04-18 | 2023-04-18 |
UNC614 | Mandiant | Andariel | 2023-02-16 | 2023-10-10 |
Reports
2024-07-25
USJustice
North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers
#Maui #Andariel #MoneyLaundering #ArkansasHealthcare #CaliforniaDefense #ChineseEnergy #ColoradoMedical #ConnecticutHealthcare #FloridaHospital #KansasHospital #MassachusettsDefense #MichiganDefense #NASA #OregonDefense #RandolphAirForce #RobinsAirForce #SouthKoreanManufacturing #TaiwaneseDefense
2024-03-07
UN
S/2024/215 Final report of the Panel of Experts
#CyberLink #JumpCloud #Andariel #Kimsuky #BlueNoroff #ScarCruft #Alphapo #CoinsPaid #Merlin #Steadefi #Fantom #Terraport #UnoRe #HECO #HTX #OrbitBridge #Poloniex #NexusMutual #Indodax #CoinEx #bZx #Qubit #DeFiance #Bondly #Fetchai #MGNR #EasyFi #FinNexus #Eterbase #KuCoin #Cryptopia #AlgoCapital #CoinTiger #BiKi #CoinBene #Gateio #Coinrail #Bancor #Tradeio #CoinSecure #Cypherium #Taylor #Sanctions