Andariel (Jumpy Pisces)
Andariel, also known as "Jumpy Pisces," is a North Korean-linked cyber espionage and ransomware group believed to have emerged around 2015. Affiliated with the infamous Lazarus Group, Andariel is known for targeting financial institutions, government entities, and enterprises through advanced ransomware campaigns and sophisticated phishing schemes. Their operations often aim to fund North Korea's regime or gather intelligence.
Andariel (Jumpy Pisces) TTPs
Tactics
Andariel’s primary goals include financial gain and intelligence gathering. They often target industries such as finance, defense, energy, and government to disrupt operations or steal sensitive data.
Techniques
The group is notorious for using spear-phishing emails with malicious attachments and social engineering to gain initial access. It then deploys its own backdoors and ransomware strains to maintain persistence and exfiltrate data.
Procedures
Andariel's specific methods include developing and deploying custom ransomware, exploiting unpatched vulnerabilities, moving laterally across targeted networks, and concealing its activity with advanced evasion techniques.
Indicators of Compromise (IoCs)
Common IoCs associated with Andariel include malicious IP addresses, domains used for command-and-control (C2) communication, unique ransomware hashes, and spear-phishing email templates. Regular updates on Andariel IoCs highlight evolving threats.
Key Victims
Notable victims of Andariel include financial organizations, national defense institutions, energy companies, and governmental bodies worldwide. Their campaigns often focus on organizations with valuable data or critical infrastructure.
Notable Cyberattacks
2021 "Maui" ransomware campaign
Persistent targeting of South Korean companies
Law Enforcement & Arrests
No arrests or enforcement actions specific to Andariel have been publicized to date. However, global law enforcement continues collaborating to disrupt North Korean cyber operations, targeting associated infrastructure and financial channels.
How to Defend Against Andariel
Implement Multi-Factor Authentication (MFA): Prevent unauthorized credential use
Patch Management: Regularly update software to mitigate zero-day vulnerabilities
Endpoint Detection and Response (EDR): Leverage tools to identify malware signatures and anomalous network behavior
Segmentation Standards: Limit access between critical systems to contain any lateral movement
User Awareness Campaigns: Train employees to recognize phishing attempts and follow cybersecurity best practices
Huntress solutions help protect organizations by monitoring endpoints, detecting intrusions, and mitigating Andariel threats with enterprise-grade technology.