www.theguardian.com
2a04:4e42:400::367  Public Scan

URL: https://www.theguardian.com/world/article/2024/jul/25/north-korea-backed-cyber-espionage-campaign-targets-uk-military
Submission Tags: urlscan
Submission: On July 31 via api from US — Scanned from DE


Text Content


The malicious cyber activities are said to pose a threat to critical
infrastructure around the world. Photograph: Dominic Lipinski/PA



NORTH KOREA-BACKED CYBER ESPIONAGE CAMPAIGN TARGETS UK MILITARY

National Cyber Security Centre warns of global hacking effort to obtain nuclear
and defence intelligence


Dan Milmo and Alex Hern
Thu 25 Jul 2024 19.19 CEST
Last modified on Thu 25 Jul 2024 22.16 CEST



North Korean state-backed hackers have mounted a campaign to obtain secrets
related to nuclear materials, military drones, submarines and shipbuilding in
the UK and US, as intelligence agencies warned of a “global cyber-espionage
campaign” targeting sensitive industries.

A joint notice from the US, UK and South Korea warned that the Democratic
People’s Republic of Korea (DPRK) was using state-backed attackers to further
the regime’s military and nuclear ambitions. It added that Japan and India had
also been targeted.



Hackers have targeted sensitive military information and intellectual property
in four main areas: nuclear, defence, aerospace and engineering. The assailants,
working for a group called Andariel, have also sought to obtain secrets from the
medical and energy industries.

Paul Chichester, the National Cyber Security Centre’s (NCSC) director of
operations, said: “The global cyber espionage operation that we have exposed
today shows the lengths that DPRK state-sponsored actors are willing to go to
pursue their military and nuclear programmes.”


The NCSC said Andariel had been “compromising organisations around the world to
steal sensitive and classified technical information and intellectual property
data”.

The NCSC believes that Andariel is a part of DPRK’s reconnaissance general
bureau (RGB) and that the group’s malicious cyber activities pose a continued
threat to critical infrastructure organisations globally.

The information targeted by the hackers includes data related to tanks,
torpedoes, fighter aircraft, satellites, government nuclear facilities, nuclear
power plants, robots and 3D printing, the NCSC said. The targeted countries
include the US, UK, South Korea, India and Japan.

The intelligence agencies said Andariel was funding its espionage campaign by
launching ransomware attacks against the US healthcare sector. They said the
attackers were likely identifying vulnerable systems using publicly available
internet scanning tools.

Chichester said: “It should remind critical infrastructure operators of the
importance of protecting the sensitive information and intellectual property
they hold on their systems to prevent theft and misuse.

“The NCSC, alongside our US and Korean partners, strongly encourage network
defenders to follow the guidance set out in this advisory to ensure they have
strong protections in place to prevent this malicious activity.”

The advisory outlines how Andariel has evolved from destructive hacks against US
and South Korean organisations to carrying out specialised cyber espionage and
ransomware attacks.

In some cases, the hackers carried out ransomware attacks and cyber espionage
operations on the same day against the same victim.

The US state department offered a reward of up to $10m (£7.8m) for information
on Rim Jong Hyok, who it said was associated with Andariel. The department said
Rim and others conspired to carry out ransomware attacks on US hospitals and
other healthcare providers to fund its operations against government bodies and
defence firms.

US law enforcement agencies believe Andariel targeted five healthcare providers,
four US-based defence contractors, two US air force bases and Nasa’s office of
inspector general. In one operation that began in November 2022, the hackers
accessed a US defence contractor from which they extracted more than 30
gigabytes of data, including unclassified technical information regarding
material used in military aircraft and satellites.

Unlike most other state actors, North Korea’s motivations in cyberwarfare appear
split between conventional military and national security goals and financial
advantages.

Over the past six years, according to a UN report, Korean hackers have been
involved in almost 60 cyber-attacks on cryptocurrency-related companies alone,
stealing an estimated $3bn. One single attack, against the crypto exchange
Poloniex, seized more than $110m. “The key tasks of these cyberthreat actors are
to obtain information of value to the Democratic People’s Republic of Korea and
to illicitly generate revenue for the country,” the report concluded. The
hackers used any method they could to secure hard funds, including
“spearphishing, vulnerability exploits, social engineering and watering holes”.

The most damaging individual attack linked to the North Korean cyber-army was
the WannaCry “ransomworm” in 2017. The US and UK formally accused North Korea of
building the virus, which the country denied. Although it appeared to be a piece
of ransomware, WannaCry’s payments infrastructure wasn’t linked to anything, and
the virus, which took down machines around the world and significantly hampered
the NHS, raised just over $55,000.

© 2024 Guardian News & Media Limited or its affiliated companies. All rights
reserved.