Andariel’s main targets were defense-related entities. Among their loot were designs for laser anti-aircraft weapons that can shoot down drones and fighter jets as well as sensors used to detect enemy attacks. The South Korean military developed the laser weapon in April of this year and plans to begin production next year. “We believe that scores of businesses were targets, and most of them didn’t even know they were hacked,” the investigator said. “Some businesses didn’t report the attacks for fear of damaging their corporate image, so the actual damage could be even bigger.” Andariel spread ransomware programs targeting three South Korean and overseas companies in 2021 that destroyed their computers systems and made off with W470 million worth of Bitcoins that they had extorted for repairing the damage (US$1=W1,306). They then laundered the extorted money through cryptocurrency exchanges Bithumb and Binance before exchanging W110 million of the money into Chinese yuan through a middleman in China. The money was then sent to an account in a Chinese bank in Liaoning Province and withdrawn in the border city of Dandong. Police believe it was taken to North Korea from there and are tracking the remaining W300 million. The investigation of Andariel started after the FBI probed a hacking attack on American hospitals in Kansas in 2021. It found that North Korean hackers spread a ransomware called Maui during the coronavirus pandemic to cripple U.S. hospital servers and extorted US$500,000 in exchange for repairing the damage. The FBI asked South Korean authorities for help when it learned that the e-mail accounts and server used in that attack were based here.
N.Korean Hackers Stole S.Korean Drone-Killer Technology – The Chosun Ilbo (English Edition): Daily News from Korea – North Korea
