Today, CISA—in partnership with the Federal Bureau of Investigation (FBI)—released a joint Cybersecurity Advisory, North Korea State-Sponsored Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs. The advisory was coauthored with the following organizations:
This advisory was crafted to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju. The group primarily targets defense, aerospace, nuclear, and engineering entities to obtain sensitive and classified technical information and intellectual property to advance the regime’s military and nuclear programs and ambitions.
The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide, including but not limited to entities in their respective countries, as well as in Japan and India.
All critical infrastructure organizations are encouraged to review the advisory and implement the recommended mitigations. For more information on North Korean state-sponsored threat actor activity, see CISA’s North Korea Cyber Threat Overview and Advisories page.
Andariel actors fund their espionage activity through ransomware operations against U.S. healthcare entities. For more information on this ransomware activity, see joint advisories #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities and North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector.
CISA released nine Industrial Control Systems (ICS) advisories on July 22, 2025. These advisories provide…
CISA released six Industrial Control Systems (ICS) advisories on July 24, 2025. These advisories provide…
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA, in partnership with the Federal Bureau of Investigation (FBI), the Department of Health and…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of…
CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized…
This website uses cookies.