Dark Web Profile: Andariel
Contents
Dark Web Profile: Andariel
Andariel operates as a North Korea–linked threat group under the Reconnaissance General Bureau (RGB). Security researchers widely assess it as a sub-cluster of the Lazarus Group. Since around 2009, Andariel has moved from regional disruption campaigns to global cyber-espionage and revenue-driven operations.
The group targets defense contractors, nuclear engineering firms, financial institutions, healthcare providers, and software vendors. It blends intelligence collection with ransomware activity and cryptocurrency theft. This hybrid model reflects the DPRK’s strategy of using cyber operations both for strategic intelligence and hard currency generation.
Threat Actor card of Andariel
Threat Actor card of Andariel
Who is Andariel?
Andariel functions as an operational unit within North Korea’s Reconnaissance General Bureau. Public reporting links it to the RGB’s 3rd Bureau, also known as Bureau 121 or Lab 110. Some sources reference the internal designation 414 Liaison Office, indicating a structured role inside the military intelligence apparatus.
North Korea runs a centralized but flexible …
Andariel operates as a North Korea–linked threat group under the Reconnaissance General Bureau (RGB). Security researchers widely assess it as a sub-cluster of the Lazarus Group. Since around 2009, Andariel has moved from regional disruption campaigns to global cyber-espionage and revenue-driven operations.
The group targets defense contractors, nuclear engineering firms, financial institutions, healthcare providers, and software vendors. It blends intelligence collection with ransomware activity and cryptocurrency theft. This hybrid model reflects the DPRK’s strategy of using cyber operations both for strategic intelligence and hard currency generation.
Threat Actor card of Andariel
Threat Actor card of Andariel
Who is Andariel?
Andariel functions as an operational unit within North Korea’s Reconnaissance General Bureau. Public reporting links it to the RGB’s 3rd Bureau, also known as Bureau 121 or Lab 110. Some sources reference the internal designation 414 Liaison Office, indicating a structured role inside the military intelligence apparatus.
North Korea runs a centralized but flexible …