
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

2024-07-25, USCISA
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a
aa24-207a-dprk-cyber-group-conducts-global-espionage-campaign.pdf, 801.3 KB
#YARA #Andariel

Contents

Summary
The U.S. Federal Bureau of Investigation (FBI) and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju:
- U.S. Cyber National Mission Force (CNMF)
- U.S. Cybersecurity and Infrastructure Security Agency (CISA)
- U.S. Department of Defense Cyber Crime Center (DC3)
- U.S. National Security Agency (NSA)
- Republic of Korea’s National Intelligence Service (NIS)
- Republic of Korea’s National Police Agency (NPA)
- United Kingdom’s National Cyber Security Centre (NCSC)
The RGB 3rd Bureau includes a DPRK (aka North Korean) state-sponsored cyber group known publicly as Andariel, Onyx Sleet (formerly PLUTONIUM), DarkSeoul, Silent Chollima, and Stonefly/Clasiopa. The group primarily targets defense, aerospace, nuclear, and engineering entities to obtain sensitive and classified technical information and intellectual property to advance …

IoC
