A threat actor linked to the North Korean government has infiltrated at least two semiconductor manufacturers in South Korea, the National Intelligence Service (NIS) revealed.
According to Seoul’s spy agency, the attacks, aimed at obtaining chipmaking equipment designs, occurred in December 2023 and February 2024. The campaign is believed to be part of North Korea's efforts to bypass sanctions and bolster its semiconductor capabilities for military purposes.
“The National Intelligence Service believes that North Korea may have begun preparing to produce its own semiconductors due to difficulties in procuring semiconductors due to sanctions against North Korea and increased demand due to the development of weapons such as satellites and missiles,” the agency said.
North Korean hackers breached the servers of the targeted firms, absconding with valuable product design blueprints and facility images.
The intruders employed a technique known as “living off the land,” which involves the use of legitimate tools and features already present in the target system to evade detection by security software. Exploiting vulnerabilities in internet-connected systems, the threat actors compromised servers responsible for maintaining computer infrastructure and security protocols.
The NIS didn’t disclose the targeted companies but said it notified the affected manufacturers of the cyber intrusion and shared threat intelligence about the attacks with other domestic semiconductor firms.
