Finns exposed a North Korean plot

Source: www.is.fi/digitoday…

WithSecure, a Helsinki-based cybersecurity firm (formerly F-Secure’s corporate security business), says it uncovered a cyber-espionage operation by North Korea-linked Andariel targeting an unnamed European public-sector organization. WithSecure says it detected the breach, proactively alerted the customer, and attributes the activity with high confidence to Andariel, which it links to North Korea’s intelligence services. The intrusion focused on espionage, including access to anti-money-laundering documents—relevant to North Korea’s efforts to evade sanctions.

The company also reports a separate Andariel operation against a South Korean software vendor in 2025, following prior targeting in 2017 and likely 2024. Across both cases, WithSecure identified three previously undocumented remote-access trojans—StarshellRAT, JelusRAT and GopherRAT—plus tools such as PrintSpoofer and a customised PetitPotato variant. The attackers also used malicious drivers to disable security controls.

The article notes North Korea remains one of the most active state cyber actors, alongside Russia, China and Iran, and funds its nuclear program in part through cybercrime and cryptocurrency theft.
Edward Kiledjian
@ekiledjian