Andariel
Andariel is a North Korean state-sponsored threat group that has been active since at least 2009. Andariel has primarily focused its operations--which have included destructive attacks--against South Korean government agencies, military organizations, and a variety of domestic companies; they have also conducted cyber financial operations against ATMs, banks, and cryptocurrency exchanges. Andariel's notable activity includes Operation Black Mine, Operation GoldenAxe, and Campaign Rifle. Andariel is considered a sub-set of Lazarus Group, and has been attributed to North Korea's Reconnaissance General Bureau. North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name Lazarus Group instead of tracking clusters or subgroups.
Attribution signal
Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.
≥ 10 High · ≥ 3 Moderate · < 3 Low
Attribution signals
13 mentions · 6 sources
"The FBI says the Silent Ransom Group (SRG), which is targeting law firms, has sent people to company offices to directly get access to computers."
"We also uncovered the reemergence of Andariel in South Korea, where the group deployed TigerRAT and attempted to spread Rook ransomware within an engineering company"
"with the group's operators based in Russia, researchers speculate gig workers or subcontractors are playing a critical role"
"Through phone calls and phishing emails, SRG actors pose as IT support to establish access to victim computers and exfiltrate data, usually through legitimate remote access tools or by sending an individual in-person to the victim company's location to gain physical access to computers"
"Silent Ransom Group has been active since at least 2022 and emerged following the collapse of the Conti ransomware syndicate"
"this cybercrime gang has been active since at least 2022 and has been targeting legal and financial organizations in the United States since early 2023"
"As of Spring 2026, SRG actors use a social engineering scheme to pose as an employee from the victim's IT department."
"the FBI said the group, known as Silent Ransom Group (SRG), has consistently targeted U.S. law firms since 2023"
"The closed group, which likely operates from Russia and emerged in 2022 after Conti disbanded"
"A cyber extortion group linked to the now-defunct Conti ransomware syndicate is increasingly targeting U.S. law firms"
"the same group of threat actors was also linked to BazarCall campaigns that provided initial access to corporate networks in Conti and Ryuk ransomware attacks"
"the Silent Ransom Group (SRG) extortion gang is now targeting U.S.-based law firms in in-person data theft attacks"
Hedge terms observed