National Cyber Warfare Foundation (NCWF)

Andariel


Posted by blscott, 2024-06-18 15:21:17


Andariel

MITRE ATT&CK ID: G0138

Andariel is commonly treated as a sub-group of Lazarus Group, operating alongside APT38 (which MITRE tracks separately) rather than being a straightforward alias of it.

Andariel is a North Korean state-sponsored threat group that has been active since at least 2009. Andariel has primarily focused its operations, which have included destructive attacks, against South Korean government agencies, military organizations, and a variety of domestic companies; they have also conducted cyber financial operations against ATMs, banks, and cryptocurrency exchanges. Andariel's notable activity includes Operation Black Mine, Operation GoldenAxe, and Campaign Rifle. Andariel is considered a sub-set of Lazarus Group, and has been attributed to North Korea's Reconnaissance General Bureau. North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name Lazarus Group instead of tracking clusters or subgroups.

A North Korean hacking group operating under the Lazarus Group umbrella, alongside APT38.


Andariel is an advanced persistent threat (APT) group that has been active since at least 2009. Its targeting has centered on South Korea: government agencies, military organizations, and a range of domestic companies, with a parallel line of financially motivated operations against ATMs, banks, and cryptocurrency exchanges. The group's primary focus appears to be the theft of sensitive information related to military operations, political activities, and economic development, alongside destructive attacks. Andariel's tactics, techniques, and procedures (TTPs) overlap heavily with those of other North Korean clusters, which is why it is attributed to North Korea's Reconnaissance General Bureau and frequently reported as part of Lazarus Group.

Tactics, techniques, and procedures (TTPs):

Andariel relies on a mix of initial-access techniques: spear-phishing emails carrying malicious attachments, watering-hole (strategic web compromise) attacks against sites its targets are likely to visit, and exploitation of vulnerabilities in software and internet-facing systems. Once inside a network, the group deploys malware such as backdoors, keyloggers, and remote access tools (RATs) to maintain access and move toward its objectives. It also uses social engineering, for example impersonating legitimate organizations or individuals, to collect credentials and other sensitive information from unsuspecting victims.






Primary Names
APT38


a.k.a
Silent Chollima
Onyx Sleet (Microsoft; formerly PLUTONIUM)
DEV-0530 (also written DEV0530) / Storm-0530
H0lyGh0st
Dark Seoul (also written DarkSeoul)
Guardian of Peace (GOP)
G0138 (MITRE ATT&CK ID)
 







Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.