The United States, the United Kingdom, and South Korea have issued a joint cybersecurity advisory to warn against a North Korean cyber espionage campaign.
According to the advisory, hacker groups known as Andariel, Onyx Sleet, DarkSeoul, Silent Chollima, and Stonefly/Clasiopa operate under Pyongyang’s intelligence agency, the Reconnaissance General Bureau. The threat actors primarily target defense, aerospace, nuclear and engineering organizations across the U.S., the U.K., South Korea, Japan and India. Their goal is to steal sensitive and classified technical information and intellectual property to advance North Korea’s military and nuclear programs.
The joint CSA—issued Thursday by the National Security Agency, the FBI, and partner security and intelligence organizations from the U.S., the U.K., and South Korea—provides information on the cyber groups’ tactics and techniques and what organizations can do to protect their systems.
“As North Korean state-sponsored cyber actors evolve their operations to attempt to infiltrate vital systems, we will pivot to counteract these actions,” said Dave Luber, director of cybersecurity at the NSA.
The CSA is available on the Department of Defense’s official website.