North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime's Military and Nuclear Programs
Released on 2024-07-25 at 07:26:42 PM
The U.S. Federal Bureau of Investigation (FBI) and several partner agencies are releasing this advisory to highlight a North Korean state-sponsored cyber group known as Andariel, operating under the Reconnaissance General Bureau (RGB) 3rd Bureau. This group primarily targets defense, aerospace, nuclear, and engineering entities to obtain sensitive technical data to advance North Korea's military and nuclear programs. The actors gain initial access through exploitation of public-facing web servers, move laterally using remote access tools, and exfiltrate data over alternative protocols. They also conduct ransomware operations against healthcare entities to fund their espionage activities.