Cointegrity

Andariel


Andariel (also tracked as Silent Chollima) is a sub-group of the Lazarus Group operating under the Reconnaissance General Bureau, distinct from BlueNoroff in both geographic focus and operational mandate. Where BlueNoroff targets global financial institutions and crypto firms for large-scale theft, Andariel has historically concentrated on South Korea, targeting government agencies, defence contractors, military organisations, and private businesses for both espionage and disruptive sabotage. It is responsible for a string of attacks against South Korean critical infrastructure, including defence networks, nuclear research institutions, and healthcare systems.

To support the regime's need for foreign currency, Andariel also conducts financially motivated cybercrime: it has deployed ransomware against hospitals and logistics firms, and targeted virtual asset service providers in South Korea and neighbouring jurisdictions to generate revenue while creating operational disorder that complicates forensic attribution.

Example: Andariel's 2024 campaign against South Korean defence-adjacent firms combined espionage (exfiltrating classified weapons-system documentation) with ransomware deployment on the same networks, serving both intelligence-collection and revenue-generation objectives in a single operation.

Why it matters for compliance: Andariel's hybrid espionage-plus-ransomware model makes it particularly dangerous for Web3 firms with South Korean operations or partnerships. The same intrusion may serve to steal intellectual property, harvest wallet credentials, and deploy ransomware, and any one of those objectives is capable of causing existential damage. Firms operating in the Asia-Pacific region must treat Andariel as a credible and persistent threat actor alongside BlueNoroff.

Category: compliance, regulatory frameworks
