b2b-daily
Home | IT | Cyber Security

North Korean Hackers Steal Defense Technology Files from South Korean Companies

Avatar photo
by Dwaine Evans
December 12, 2023
Image Credit: Vecteezy
North Korean Hackers Steal Defense Technology Files from South Korean Companies
Table of Contents
  1. Description of the cyber attack
  2. Collaboration between the South Korean police and the FBI
  3. Extortion using Bitcoin
  4. Using a local IP address
  5. Scope of the attack and stolen data
  6. Andariel as a unit of Lazarus
  7. Stolen critical data
  8. Involvement of Andariel in Cyber Financial Operations
  9. North Korea's Use of Hackers for Financial Gain

In a major cyberattack, North Korean hackers from the notorious cybercrime group Andariel have successfully targeted several companies in South Korea, stealing sensitive defense technology files. This attack highlights the growing threat of state-sponsored cybercrime and the urgent need for robust cybersecurity measures.

Description of the cyber attack

South Korean authorities have confirmed that approximately 250 files related to defense technology, including anti-aircraft laser weapons, were stolen from a dozen South Korean companies. The targeted entities included defense companies, financial institutions, research institutes, and pharmaceutical companies. The attack resulted in a staggering 1.2TB of data being stolen, significantly compromising national security and intellectual property.

Collaboration between the South Korean police and the FBI

Recognizing the severity of the situation, the South Korean Police coordinated efforts with the Federal Bureau of Investigation (FBI) to uncover Andariel’s hacking activities. Through this collaboration, authorities were able to unravel the elaborate network used by the hackers to evade detection and launch their attacks. This joint effort demonstrates the importance of international cooperation in combating cybercrime.

Extortion using Bitcoin

In addition to stealing defense technology files, the hackers also engaged in extortion, demanding approximately 470 million won ($356,000) worth of bitcoins from three victims, both domestic and foreign. The victims were coerced into paying the ransom in exchange for the restoration of their systems. This highlights the growing trend of cybercriminals exploiting cryptocurrencies for financial gain.

Using a local IP address

Interestingly, the North Korean hackers carried out the attack using a local IP address, which initially raised suspicions among the authorities. Further investigation traced it back to a domestic server rental company that unknowingly provided services to unidentified customers involved in the cyberattack. This incident underscores the need for vigilance and thorough vetting processes to prevent criminals from misusing legitimate service providers.

Scope of the attack and stolen data

The targeted companies spanned various sectors, including defense, finance, research, and pharmaceuticals. The stolen data amounted to a staggering 1.2TB, comprising valuable defense technology files and other sensitive information. This breach poses a significant threat to national security, as the stolen technologies could potentially be exploited by hostile actors.

Andariel as a unit of Lazarus

Andariel is believed to be a unit of Lazarus, the most infamous North Korean cybercrime group. Lazarus is known to be controlled by the Reconnaissance General Bureau (RGB), North Korea’s primary intelligence agency. The group has gained notoriety for its sophisticated hacking techniques and involvement in high-profile cybercrimes.

Stolen critical data

Among the critical data stolen by Andariel were files related to anti-aircraft laser technology. The Korea Times reported that this technology was one of the key assets breached during the cyberattack. The theft of such advanced defense technology raises concerns about potential implications for national security and the balance of power in the region.

Involvement of Andariel in Cyber Financial Operations

Andariel has been previously linked to cyber financial operations targeting banks and cryptocurrency exchanges. Their expertise in hacking financial systems and exploiting digital currencies has become a lucrative revenue source for North Korea. This underscores the need for heightened cybersecurity measures in the financial sector to prevent further exploitation.

North Korea’s Use of Hackers for Financial Gain

The United States Federal Bureau of Investigation estimates that North Korea has approximately 6,000 hackers at its disposal. These hackers are not only used for financial gain but also for intelligence gathering purposes. The revenue generated from cybercrimes, including cryptocurrency thefts and extortion, plays a significant role in funding North Korea’s military and weapons programs.

The cyberattack carried out by North Korean hackers, specifically Andariel, on South Korean companies highlights the significant threat posed by state-sponsored cybercrime. The theft of defense technology files and other sensitive data jeopardizes national security, intellectual property rights, and could potentially disrupt regional stability. It is crucial for both public and private entities to prioritize cybersecurity measures to prevent future attacks and safeguard critical assets.

Blockchain TechnologyCryptoInformation Security

Explore more

The Fastest Way to Land a New Job in 2026
March 5, 2026

Ling-yi Tsai is a distinguished HRTech strategist with over two decades of experience helping organizations and individuals navigate the intersection of human talent and advanced technology. As an expert in HR analytics and recruitment systems, she has a unique vantage point on how the “resume tsunami” of the mid-2020s has fundamentally altered the hiring landscape. Her approach moves beyond simply

Trend Analysis: Autonomous Driving Marketing Regulations
March 5, 2026

The sleek aesthetic of modern dashboards belies a growing tension between the hyperbolic language of Silicon Valley and the rigid safety mandates of government regulators who are currently redefining the boundaries of commercial speech. The central conflict lies in whether a product name is merely a marketing tool or a critical safety instruction that dictates how a human interacts with

Ecommpay Unveils New Guide to Combat Rising E-commerce Fraud
March 5, 2026

The sheer scale of digital financial theft has reached a tipping point where traditional defense mechanisms often fail to protect the modern merchant. With the UK payment sector facing a staggering loss of £1.17 billion in 2026, Ecommpay has released a specialized resource titled E-commerce fraud defence: A quick guide for merchants. This initiative aims to equip businesses with the

How Do Unified Platforms Simplify European Payment Scaling?
March 5, 2026

NavigatingthelabyrinthineregulatoryenvironmentandtechnicalfragmentationoftheEuropeanpaymentlandscaperequiresalevelopfoperationalagilitythatmanytraditionalfinancialinstitutionsstruggletomaintaineffectively. As cross-border commerce continues to accelerate throughout 2026, the demand for seamless account-to-account transactions has forced fintech leaders to rethink their underlying infrastructure. The recent expansion of the strategic partnership between Form3 and the global fintech giant SumUp serves as a landmark example of this shift. By moving beyond their initial collaboration on United Kingdom payment rails, such as

Why Are Smart PDUs Essential for Modern Data Centers?
March 5, 2026

The rapid acceleration of high-performance computing has fundamentally shifted the baseline requirements for power distribution, turning what was once a simple hardware component into a sophisticated pillar of infrastructure management. For decades, the Power Distribution Unit, or PDU, functioned primarily as a high-capacity power strip designed to deliver electricity from a central source to individual server racks without much concern