23 April 2024

North Korean hackers target South Korean defense contractors


North Korean hackers target South Korean defense contractors

South Korea's police have disclosed that North Korean hacking groups have been carrying out extensive cyber attacks against South Korean defense companies for over a year, resulting in the breach of internal networks and theft of technical data, Reuters reported.

South Korea has emerged as a significant global defense exporter in recent years, securing contracts worth billions of dollars for military equipment such as mechanized howitzers, tanks, and fighter jets.

The hacking teams, believed to be affiliated with North Korea's intelligence apparatus, including groups known as Lazarus, Kimsuky, and Andariel, have been identified as the perpetrators behind these cyber intrusions described as “all-out” by authorities. According to police reports, the attackers deployed malware into the data systems of defense companies, either directly or through contractors associated with them.

Working in collaboration with experts from the national spy agency and the private sector, law enforcement officials were able to trace the origin of the hacks. They identified the hacking groups based on source IP addresses, signal re-routing architecture, and malware signatures used in the attacks.

One notable incident cited by authorities occurred in November 2022, where hackers implanted a code into a company's public network. This code then spread to the intranet when the internal security system was momentarily disabled for a network test.

Additionally, hackers exploited security vulnerabilities introduced by subcontractors who utilized identical passcodes for both personal and official email accounts, gaining unauthorized access to defense company networks and exfiltrating confidential technical data.


Back to the list

Latest Posts

Threat actors abusing Foxit PDF Reader flaw to deploy multiple malware variants

Threat actors abusing Foxit PDF Reader flaw to deploy multiple malware variants

The flaw involves Foxit PDF Reader's handling of pop-up messages.
20 May 2024
China-linked APT group uses malware to spy on commercial shipping

China-linked APT group uses malware to spy on commercial shipping

Mustang Panda infiltrated the computer systems of cargo shipping companies in Norway, Greece, and the Netherlands.
20 May 2024
The Grandoreiro malware is back up and running after January disruption

The Grandoreiro malware is back up and running after January disruption

Grandoreiro now targets over 1,500 banks worldwide, spanning more than 60 countries across Central and South America, Africa, Europe, and the Indo-Pacific region.
20 May 2024