6 December 2023

Andariel APT reportedly stole key defense technologies from South Korean defense firms



A North Korean hacking group known as ‘Andariel,’ believed to be a unit within the notorious Lazarus cybercrime group, has stolen key technologies from South Korean defense firms, including anti-aircraft weapons, and transferred some of the money it obtained via ransomware attacks to North Korea, South Korean news agency Yonhap reported.

According to the agency, the attacks are being investigated by South Korean police in cooperation with the FBI.

The police said that the hackers rented servers from a South Korean server hosting provider and used them to hack into multiple companies, including subsidiaries of large domestic companies in the communications, security, and IT service industries, as well as domestic technology centers and research institutes dealing with advanced science and technology, food, and biology, universities, pharmaceutical companies, defense companies, and financial companies.

The police confirmed that a total of 1.2 terabytes of technology and data files were stolen.

The news agency said that some of the hacked firms were not aware they had been compromised, while others did not report the incidents fearing reputational damage.

Andariel is also said to have pocketed 470 million won ($360,153) worth of cryptocurrency acquired through ransomware attacks on South Korean firms. Some of the stolen funds are believed to have been sent to North Korea.

In October, South Korean authorities arrested several employees of a local IT company suspected of collaborating with Lazarus. According to the police, over four years, the firm collected 3.4 billion won (~$2.5 million) in recovery costs from more than 700 companies that had their systems infected with ransomware distributed by the North Korean hackers.

