Emulating the Politically Motivated North Korean Adversary Andariel
Andariel, also known as Silent Chollima, is a politically motivated adversary of North Korean origin that has been active since at least 2009. Andariel has been reported to operate in support of the Reconnaissance General Bureau (RGB) of the Democratic People’s Republic of Korea (DPRK) and is recognized, along with BlueNoroff, as one of the subgroups of the notorious and widely publicized Lazarus group.
Andariel has shown particular interest in cyberespionage attacks for intelligence gathering, mainly against South Korean government agencies and military organizations. During 2018, Andariel was observed using an ActiveX zero-day against targets in South Korea, delivered through watering hole attacks on South Korean websites, for the purpose of conducting reconnaissance during an operation codenamed GoldenAxe.
However, since at least 2021, Andariel has also been seeking financial gain through attacks that leveraged customized ransomware during the final phase of activity. US-CERT released a joint FBI, CISA, and Department …