The North Korean state-backed Stonefly group (aka Andariel, APT45, Silent Chollima, Onyx Sleet) is targeting critical defense, aerospace, nuclear, and engineering companies for data theft, according to a joint advisory from the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA).

Stonefly is systematically stealing technical information and intellectual property from organizations in the U.S., Japan, South Korea, and India. “The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide,” the advisory noted.

Separately, the U.S. government announced a $10 million reward for information leading to the arrest of Rim Jong Hyok, an individual believed to be a key player in the malicious activity. In addition, the U.S. Justice Department indicted Jong Hyok on charges related to his involvement in Stonefly attacks on multiple U.S. entities, including NASA and two U.S. Air Force bases.

In a report that coincided with the U.S. government advisory, Mandiant said it observed Stonefly gradually launching more financially motivated attacks, such as ransomware attacks, in recent years, alongside its cyberespionage operations. “[Stonefly] is one of North Korea’s longest running cyber operators, and the group’s activity mirrors the regime’s geopolitical priorities even as operations have shifted from classic cyber espionage against government and defense entities to include healthcare and crop science,” Mandiant said.