Threat Intelligence

Lazarus sub-group targets South Korean defense firms

Defense industry organizations in South Korea had data concerning anti-aircraft weapon systems exfiltrated by the North Korean state-sponsored threat operation Andariel, a sub-cluster of Lazarus Group, reports The Record, the news site of cybersecurity firm Recorded Future. According to the Seoul Metropolitan Police, which investigated the campaign together with the FBI, Andariel routed its intrusions through a South Korean domestic server rental firm connected to a Pyongyang-based server and stole 1.2 TB of data, some of which had been obtained from pharmaceutical firms and research entities. Andariel also laundered nearly $76,000 worth of cryptocurrency through a Chinese bank, withdrawing the proceeds from a branch near North Korea, and ran extortion campaigns against three victims from which it obtained almost $357,000 worth of Bitcoin. The findings follow a joint UK and South Korean alert on the mounting prevalence of North Korean supply chain attacks, as well as cooperation among South Korea, Japan, and the U.S. in countering the illicit funding North Korea uses to support its weapons program.