Threat Actor Profile
Andariel (Jumpy Pisces)
Andariel, also known as "Jumpy Pisces," is a North Korea-linked cyber espionage and ransomware group believed to have emerged around 2015. Affiliated with the infamous Lazarus Group, Andariel is known for targeting financial institutions, government entities, and enterprises through advanced ransomware campaigns and sophisticated phishing schemes. Its operations typically aim either to fund North Korea's regime or to gather intelligence.
Andariel (Jumpy Pisces) TTPs
Tactics
Andariel’s primary goals include financial gain and intelligence gathering. They often target industries such as finance, defense, energy, and government to disrupt operations or steal sensitive data.
Techniques
The group is notorious for using spear phishing emails to gain initial access, relying on social engineering and malicious attachments. It also deploys malware, including its own custom backdoors and ransomware strains, to maintain persistence and exfiltrate data.
Procedures
Andariel’s specific methods include developing and deploying custom ransomware, exploiting unpatched vulnerabilities, moving laterally across targeted networks, and concealing its activity with advanced evasion techniques.
Notable Cyberattacks
2021 "Maui" ransomware campaign
Persistent targeting of South Korean companies
Law Enforcement & Arrests
No arrests or enforcement actions specific to Andariel have been publicized to date. However, global law enforcement continues collaborating to disrupt North Korean cyber operations, targeting associated infrastructure and financial channels.
How to Defend Against Andariel
Implement Multi-Factor Authentication (MFA): Prevent unauthorized credential use
Patch Management: Regularly update software to mitigate zero-day vulnerabilities
Endpoint Detection and Response (EDR): Leverage tools to identify malware signatures and anomalous network behavior
Segmentation Standards: Limit access between critical systems to contain any lateral movement
User Awareness Campaigns: Train employees to recognize phishing attempts and follow cybersecurity best practices
Huntress solutions help protect organizations by monitoring endpoints, detecting intrusions, and mitigating Andariel threats with enterprise-grade technology.