In this threat research report, we shed light on a significant cyber attack attributed to North Korean state-sponsored actors known as Andariel, emphasizing the critical role that South Korea plays both as a target and a source of infrastructure for these threat actors.
South Korean Defense Contractor Targeted: Based on details that South Korean authorities revealed in December 2023, SecurityScorecard researchers determined that one likely victim was South Korean defence contractor Hanwha Corporation. South Korean military and defence organizations are top targets for state-sponsored North Korean cyber espionage due to the decades-long hostility and military tensions between the two occupants of the divided Korean Peninsula.
Use of South Korean infrastructure: Further research by SecurityScorecard threat hunters indicated that the actors likely used servers rented from South Korean IT service provider Daou Technology. North Korean actors often use compromised or illicitly obtained South Korean infrastructure, either in the hopes of blending in with their South Korean targets or to avoid revealing themselves as North Koreans by using infrastructure from a neighbouring country that speaks the same language.
Published by SecurityScorecard