Andariel: North Korean APT Group Targets Military and Nuclear Programs
Andariel: The North Korean State-Sponsored APT Group
Andariel, also known as Onyx Sleet, is an Advanced Persistent Threat (APT) that has been associated with North Korea's Reconnaissance General Bureau (RGB) based in Pyongyang and Sinuiju. Andariel has been active since 2013, and the group gained infamy with the Sony Pictures hack in 2014.
Andariel's motivations are aligned with the North Korean political agenda, and the group primarily targets defense, aerospace, nuclear, and engineering organizations for cyber espionage. It also runs ransomware operations against healthcare organizations in the US to fund its activities.
The North Korean APT group utilizes a range of tactics, including spear phishing and vulnerability exploitation against web servers to infiltrate targeted organizations. After the initial foothold, they use known system discovery and enumeration techniques and establish persistence by deploying …