North Korea may have stolen secrets to new laser weapon

Breach includes 1.2 terabytes of information and data stolen by hackers

Shweta Sharma
Wednesday 06 December 2023 09:54 EST
Comments
North Korean Spy Satellite Starts Operations

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

North Korean hackers may have stolen classified information on a new laser weapon system and key South Korean defence secrets after allegedly accessing a huge cache of data from defence and research firms in the South.

A North Korean state-sponsored hacking group known as Andariel allegedly stole data from 14 entities, including South Korean defence firms, research institutes, and pharmaceutical companies, police have said.

An investigation has been launched into the cyber-hacking incident with the Seoul Metropolitan Police Agency and US Federal Bureau of Investigation (FBI) working to determine the extent of the data leak by the group.

Andariel, sanctioned by the US Department of Treasury and designated as a North Korean state-sponsored malicious cyber group in 2019, established a proxy server from a district of the North Korean capital Pyongyang.

The group accessed the proxy servers 83 times between last December and March, the police investigating the case said.

The massive breach of data includes some 250 files or 1.2 terabytes of information and data stolen by hackers, according to the Yonhap news agency.

The group used the server to reach the websites of various firms and institutions, exploiting a South Korean hosting service that leases servers to undisclosed clients.

The group has extorted 470m won ($357,000; £284,000 worth of bitcoin via ransomware attacks on three South Korean and foreign firms, police said, adding that some of the ransom moneys have been sent back to Pyongyang.

Approximately 110m won was sent to a Chinese bank using the financial account of a female foreigner, according to police investigations involving both local and international virtual-asset exchanges.

The funds were subsequently withdrawn at a bank outlet situated in an area along the China-North Korea border. It is believed that the funds were eventually funneled to North Korea, said the police, adding that they are tracking the woman’s financial records to confirm if she played a part in money laundering.

Experts have raised concerns over the isolated nation resorting to cryptocurrency theft as a means to finance its nuclear arsenal amid extensive sanctions,

Cyber-attacks resulting in millions of dollars have been attributed to North Korean hackers, despite previous denials of involvement in cybercrime by Pyongyang.

Last year, North Korean hackers were alleged to have stolen 1.2bn won in virtual assets, according to South Korea’s spy agency. It said that cyber-criminals working for the North Korean government have made 1.5tn won in the last three years.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in