Description
[Andariel](https://attack.mitre.org/groups/G0138) is a North Korean state-sponsored threat group that has been active since at least 2009. [Andariel](https://attack.mitre.org/groups/G0138) has primarily focused its operations--which have included destructive attacks--against South Korean government agencies, military organizations, and a variety of domestic companies; they have also conducted cyber financial operations against ATMs, banks, and cryptocurrency exchanges. [Andariel](https://attack.mitre.org/groups/G0138)'s notable activity includes Operation Black Mine, Operation GoldenAxe, and Campaign Rifle.(Citation: FSI Andariel Campaign Rifle July 2017)(Citation: IssueMakersLab Andariel GoldenAxe May 2017)(Citation: AhnLab Andariel Subgroup of Lazarus June 2018)(Citation: TrendMicro New Andariel Tactics July 2018)(Citation: CrowdStrike Silent Chollima Adversary September 2021) [Andariel](https://attack.mitre.org/groups/G0138) is considered a subset of [Lazarus Group](https://attack.mitre.org/groups/G0032), and has been attributed to North Korea's Reconnaissance General Bureau.(Citation: Treasury North Korean Cyber Groups September 2019) North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name [Lazarus Group](https://attack.mitre.org/groups/G0032) instead of tracking clusters or subgroups.
Techniques Used (TTPs)
- T1049 — System Network Connections Discovery (discovery)
- T1203 — Exploitation for Client Execution (execution)
- T1005 — Data from Local System (collection)
- T1590.005 — IP Addresses (reconnaissance)
- T1189 — Drive-by Compromise (initial-access)
- T1057 — Process Discovery (discovery)
- T1592.002 — Software (reconnaissance)
- T1588.001 — Malware (resource-development)
- T1204.002 — Malicious File (execution)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1027.003 — Steganography (defense-evasion)
- T1105 — Ingress Tool Transfer (command-and-control)
Total TTPs: 12