lazarusholic

Everyday is lazarus.dayβ

To the past and beyond: Andariel’s latest arsenal and cyberattacks

2026-01-22, WithSecure
https://labs.withsecure.com/publications/andariel-2025
WithSecure_Andariel_2025.pdf, 3.7 MB
#Andariel #GopherRAT #JelusRAT #StarshellRAT

Contents

To the past and beyond: Andariel’s latest arsenal and cyberattacks
by Mohammad Kazem Hassan Nejad
Strategic Threat Intelligence & Research Group (STINGR)
22/01/2026
WithSecure proactively identified and notified a European customer belonging to the public/legal sector of a breach attributed with high confidence to the Andariel group, a state-sponsored cyber group linked to the Reconnaissance General Bureau (RGB) 3rd bureau of Democratic People’s Republic of Korea (DPRK).
The attribution was based on the threat actor’s usage of unique malware, such as TigerRAT, command execution patterns, infrastructure linkages, and other technical and non-technical evidence that linked it to previous reports of Andariel activity.
We assess that the primary goal of this breach was cyberespionage. This assessment is based on the group's past objectives and the observed intrusion activity, most notably the threat actor accessing documents relating to anti-money laundering on the victim host. DPRK is notorious for its money-laundering activity, which it uses to evade international sanctions.
This investigation led …