JAKARTA - Authorities in the United States, Britain and South Korea said in a joint statement on Thursday that North Korean hackers had carried out a global cyber-espionage campaign to steal classified military secrets to support Pyongyang's illicit nuclear weapons program.
The hackers, dubbed Andariel or APT45 by cybersecurity researchers, are believed to be part of North Korea's intelligence agency known as the General Bureau of Reconnaissance, an entity sanctioned by the US in 2015.
The cyber unit has targeted or broken into computer systems at various defense and engineering companies, including manufacturers of tanks, submarines, naval vessels, warplanes, and missile and radar systems, the statement said.
In the United States, the victims included the National Aeronautics and Space Administration (NASA), Randolph Air Force Base in Texas, and Robins Air Force Base in Georgia, FBI officials and the US Department of Justice said on Thursday.
In the intrusion targeting NASA in February 2022, the hackers used malware scripts to gain unauthorized access to its computer system for three months, according to US prosecutors. More than 17 gigabytes of unclassified data were extracted.
"The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various industrial sectors around the world, including but not limited to entities in their respective countries, as well as in Japan and India," the statement said.
The internationally isolated North Korea, officially known as the Democratic People's Republic of Korea (DPRK), has a long history of using a secret hacking team to steal sensitive military information.
To fund their operations, the hackers used ransomware to target US hospitals and healthcare companies, according to US officials.
On Thursday, the US Department of Justice said it had indicted a suspect, Rim Jong Hyok, for conspiring to access computer networks in the United States and money laundering.
One of the ransomware incidents alleged against Rim involved a May 2021 hack of a hospital in Kansas, which paid the ransom after the hackers encrypted four of its computer servers.
The hospital paid in bitcoin, which was transferred to a Chinese bank and later withdrawn from an ATM in Dandong, China, next to the China-Korean Friendship Bridge that connects the city with Sinuiju, North Korea, the indictment said.
The FBI said it offered a reward of up to $10 million for information that would lead to Rim's arrest. He is believed to be in North Korea.
FBI officials and the Justice Department told reporters on Thursday they had seized several online accounts belonging to the hackers, including 600,000 US dollars in virtual currency that would be returned to victims of ransomware attacks.
"The global cyber espionage operation we revealed today shows the lengths to which DPRK state-sponsored actors are willing to go to run their military and nuclear programs," said Paul Chichester of Britain's National Cyber Security Centre, part of the GCHQ spy agency.
In August last year, Reuters exclusively reported a group of elite North Korean hackers had managed to break into the system at NPO Mashinostroyeniya, a rocket design bureau headquartered in Reutov, a small town on the outskirts of Moscow.
As in that hack, APT45 - part of North Korea's General Bureau of Reconnaissance intelligence agency - uses common phishing techniques and computer exploits to trick officials at the companies it targets into providing access to their internal computer systems, Thursday's statement said.