Threat Actor Profile
Andariel (Jumpy Pisces)
Andariel, also known as "Jumpy Pisces," is a North Korean-linked cyber espionage and ransomware group believed to have emerged around 2015. Affiliated with the infamous Lazarus Group, Andariel is known for targeting financial institutions, government entities, and enterprises through advanced ransomware campaigns and sophisticated phishing schemes. Their operations often aim to fund North Korea's regime or gather intelligence.
Country of Origin
Andariel is identified as a North Korean threat actor. The group's activities and affiliations with other North Korean entities confirm its connection to the country’s cyber warfare initiatives.
Members
The exact number and structure of Andariel members are unknown. However, their ties to other Lazarus Group operations indicate they are part of an organized and skillful team with expertise in ransomware and cyber espionage.
Leadership
Details regarding Andariel's leadership remain elusive. No specific names or aliases have been publicly disclosed, but their affiliation with North Korea suggests organizational oversight by its cyber units known for sophisticated operations.
Andariel (Jumpy Pisces) TTPs
Tactics
Andariel’s primary goals include financial gain and intelligence gathering. They often target industries such as finance, defense, energy, and government to disrupt operations or steal sensitive data.
Techniques
The group is notorious for using spear phishing emails to gain initial access, relying on social engineering and malicious attachments. They also deploy custom backdoors and ransomware strains to maintain persistence and exfiltrate data.
Procedures
Andariel’s specific methods include developing and deploying custom ransomware, exploiting unpatched vulnerabilities, moving laterally across targeted networks, and concealing activity with advanced evasion techniques.
Notable Cyberattacks
2021 "Maui" ransomware campaign
Targeted healthcare providers, disrupting operations and demanding Bitcoin payments.
Persistent targeting of South Korean companies
Caused significant operational and financial damage through various campaigns.
Law Enforcement & Arrests
No arrests or enforcement actions specific to Andariel have been publicized to date. However, global law enforcement continues collaborating to disrupt North Korean cyber operations, targeting associated infrastructure and financial channels.
How to Defend Against Andariel
Implement Multi-Factor Authentication (MFA): Prevent unauthorized credential use
Patch Management: Regularly update software to mitigate zero-day vulnerabilities
Endpoint Detection and Response (EDR): Leverage tools to identify malware signatures and anomalous network behavior
Segmentation Standards: Limit access between critical systems to contain any lateral movement
User Awareness Campaigns: Train employees to recognize phishing attempts and follow cybersecurity best practices
Huntress solutions help protect organizations by monitoring endpoints, detecting intrusions, and mitigating Andariel threats with enterprise-grade technology.