Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Security
  • /
  • NCSC and partners warn of DPRK-sponsored cyber ops

Security

NCSC and partners warn of DPRK-sponsored cyber ops

The National Cyber Security Centre (NCSC) – a part of GCHQ – issued a new advisory yesterday alongside partners in the US and the Republic of Korea, which reveals how a Democratic People’s Republic of Korea (DPRK) sponsored cyber threat group known as Andariel, has been compromising organisations around the world to steal sensitive and classified technical information and intellectual property data.

Image copyright Shutterstock

The NCSC assesses that Andariel is a part of DPRK’s Reconnaissance General Bureau (RGB) 3rd Bureau and that the group’s malicious cyber activities pose an ongoing threat to critical infrastructure organisations globally.  

The cyber actors have primarily targeted defence, aerospace, nuclear and engineering entities and organisations in the medical and energy sectors to a lesser extent, in order to obtain information such as contract specification, design drawings and project details.

Advertisement
DSEI 2025

As part of its operations, Andariel has also launched ransomware attacks against US healthcare organisations in order to extort payments and fund further espionage activity.

This advisory shares technical details and mitigation advice to help defend against the actors who have been seen exploiting known vulnerabilities to access victims’ systems before deploying malware and other tools to maintain persistence, evade detection and exfiltrate data.  

Paul Chichester, NCSC Director of Operations, said: “The global cyber espionage operation that we have exposed today shows the lengths that DPRK state-sponsored actors are willing to go to pursue their military and nuclear programmes.

“It should remind critical infrastructure operators of the importance of protecting the sensitive information and intellectual property they hold on their systems to prevent theft and misuse.  

“The NCSC, alongside our US and Korean partners, strongly encourage network defenders to follow the guidance set out in this advisory to ensure they have strong protections in place to prevent this malicious activity.”

Advertisement
ODU RT

The advisory outlines how Andariel has evolved its operations from conducting destructive attacks targeting US and South Korea organisations to conducting specialised cyber espionage and ransomware attacks.

It warns that in some cases the actors have even been observed launching ransomware attacks and espionage operations on the same day and leveraging both activities against the same victim.

The advisory has been co-sealed by the NCSC, the US Federal Bureau of Investigation (FBI), the US Cyber National Mission Force (CNMF), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Department of Defense Cyber Crime Center (DC3), the US National Security Agency (NSA), the Republic of Korea’s National Intelligence Service (NIS) and the Republic of Korea’s National Police Agency (NPA).

It can be read on the FBI website: www.ic3.gov/Media/News/2024/240725.pdf
 

Met makes arrest milestone using LFR

Security

Met makes arrest milestone using LFR

10 July 2025

More than 1,000 wanted criminals have now been arrested by the Metropolitan Police Service using Live Facial Recognition (LFR), including paedophiles, rapists and violent robbers.

NCA arrest four for cyber attacks on M&S, Co-op and Harrods

Security

NCA arrest four for cyber attacks on M&S, Co-op and Harrods

10 July 2025

Four people have been arrested in the UK this morning as part of a National Crime Agency (NCA) investigation into cyber attacks targeting M&S, Co-op and Harrods.

Metis to supply Skyperion to NATO ally

Defence Security

Metis to supply Skyperion to NATO ally

10 July 2025

Metis has won a contract to supply a number of Skyperion drone detection systems to a NATO customer to provide the drone detect function as part of an integrated Counter Uncrewed Air Systems (C-UAS) capability.

Serco appoints Keith Williams as Chair

Aerospace Defence Security Space

Serco appoints Keith Williams as Chair

4 July 2025

Serco has appointed Keith Williams to the Board as a Non-Executive Director and Chair designate.

Advertisement
Teledyne
Boeing appoints Stephen Parker as CEO of BDS

Defence Security Space

Boeing appoints Stephen Parker as CEO of BDS

3 July 2025

Boeing has appointed Stephen (Steve) Parker as president and chief executive officer of its Defense, Space & Security (BDS) business, effective immediately.

Lancashire aims at advancing cyber-enabled defence and security

Defence Security Events

Lancashire aims at advancing cyber-enabled defence and security

3 July 2025

Over 200 senior business leaders, investors, policymakers and academics from across the UK gathered this week at the Lancashire Cyber Festival to discuss Lancashire’s opportunity to become a global leader in cyber-enabled defence and security.

Advertisement
DSEI 2025