SEOUL — South Korean police are investigating whether a North Korean hacker group, accused of stealing data from 14 entities, obtained information on defence technology including an anti-aircraft laser, a Seoul city police official said on Wednesday (Dec 6).
The probe, which is being carried out in conjunction with the US Federal Bureau of Investigation (FBI), is trying to determine the extent of the data obtained by the group known as Andariel, Jeong Jin-ho, who heads a team at the Seoul Metropolitan Police Agency investigating the case, told Reuters.
The US Department of the Treasury in 2019 listed Andariel as a North Korean state-sponsored hacking group, focused on conducting malicious cyber operations on foreign businesses, government agencies and the defence industry.
Local media reported this week that the cache of data included key South Korean defence secrets.
The entities targeted included South Korean defence firms, research institutes and pharmaceutical companies, an earlier police statement said. Some 250 files, or 1.2 terabytes of information and data, were taken by the hackers, it said.
A proxy server set up by the group was accessed in a district of the North Korean capital Pyongyang 83 times between last December and March, police said.
The server was used to access the websites of the firms and institutions, with the group taking advantage of a South Korean hosting service that rents servers to unidentified clients.
The group also extorted 470 million won (S$480,000) worth of bitcoin from three South Korean and foreign firms in ransomware attacks, police said.
North Korean hackers have been blamed for cyberattacks netting millions of dollars, though Pyongyang previously has denied being involved in cybercrime.
A foreign woman was being investigated in connection with the ransomware attacks after some of the bitcoin were transferred through her bank account and withdrawn at a bank in China, police said. She has denied any wrongdoing.