North Korea may have stolen secrets to new laser weapon

North Koreans use computer terminals at the Sci-Tech Complex in Pyongyang (AP)
North Koreans use computer terminals at the Sci-Tech Complex in Pyongyang (AP)

North Korean hackers may have stolen classified information on a new laser weapon system and key South Korean defence secrets after allegedly accessing a huge cache of data from defence and research firms in the South.

A North Korean state-sponsored hacking group known as Andariel allegedly stole data from 14 entities, including South Korean defence firms, research institutes, and pharmaceutical companies, police have said.

An investigation has been launched into the cyber-hacking incident with the Seoul Metropolitan Police Agency and US Federal Bureau of Investigation (FBI) working to determine the extent of the data leak by the group.

Andariel, sanctioned by the US Department of Treasury and designated as a North Korean state-sponsored malicious cyber group in 2019, established a proxy server from a district of the North Korean capital Pyongyang.

The group accessed the proxy servers 83 times between last December and March, the police investigating the case said.

The massive breach of data includes some 250 files or 1.2 terabytes of information and data stolen by hackers, according to the Yonhap news agency.

The group used the server to reach the websites of various firms and institutions, exploiting a South Korean hosting service that leases servers to undisclosed clients.

The group has extorted 470m won ($357,000; £284,000 worth of bitcoin via ransomware attacks on three South Korean and foreign firms, police said, adding that some of the ransom moneys have been sent back to Pyongyang.

Approximately 110m won was sent to a Chinese bank using the financial account of a female foreigner, according to police investigations involving both local and international virtual-asset exchanges.

The funds were subsequently withdrawn at a bank outlet situated in an area along the China-North Korea border. It is believed that the funds were eventually funneled to North Korea, said the police, adding that they are tracking the woman’s financial records to confirm if she played a part in money laundering.

Experts have raised concerns over the isolated nation resorting to cryptocurrency theft as a means to finance its nuclear arsenal amid extensive sanctions,

Cyber-attacks resulting in millions of dollars have been attributed to North Korean hackers, despite previous denials of involvement in cybercrime by Pyongyang.

Last year, North Korean hackers were alleged to have stolen 1.2bn won in virtual assets, according to South Korea’s spy agency. It said that cyber-criminals working for the North Korean government have made 1.5tn won in the last three years.