13 August 2024

South Korean authorities accuse North Korean hackers of stealing military data


South Korea's ruling People Power Party (PPP) claims that North Korea-backed hackers have stolen crucial information about the K2 “Black Panther” main battle tank and two of the country's key spy planes, the “Baekdu” and “Geumgang.”

The K2 “Black Panther” is a highly advanced tank developed by South Korea's Agency for Defense Development and produced by Hyundai Rotem. Introduced in 2008, each unit of the K2 costs $8.5 million, with 260 currently in service and another 150 planned for future deployment.

According to local media reports on Friday, the breach occurred when engineers from a part manufacturer for the K2 tank defected to a competing firm. These engineers reportedly took with them external storage drives containing sensitive information, including design blueprints, development reports, and details about the tank's sophisticated overpressure system. The new employer allegedly attempted to export this technology to a Middle Eastern country, raising concerns that the leak may have extended beyond South Korea's borders.

In a separate incident, North Korean hackers reportedly targeted a South Korean defense contractor responsible for producing operational and maintenance manuals for various military equipment, including the Baekdu and Geumgang spy planes. These aircraft have played a critical role in South Korea's intelligence-gathering operations for the past two decades, providing vital imagery intelligence (IMINT) and signals intelligence (SIGINT) by monitoring North Korea's military activities.

The hackers are believed to have stolen extensive technical data on the two planes, including details about their technology, recent upgrades, operational capabilities, and maintenance protocols.

Earlier this month, South Korea's National Intelligence Service, the Prosecutors' Office, the National Police Agency, the Defense Security Command, and the Cyber Operations Command issued a joint cybersecurity advisory to warn about the increasing cyber threats posed by North Korean hacking groups targeting the country's construction and machinery sectors.

Additionally, a recent report from cybersecurity firm Resilience has linked the North Korea-affiliated threat actor known as Kimsuky to a new wave of cyberattacks targeting university staff, researchers, and professors. These attacks, primarily carried out through phishing campaigns, aim to infiltrate university networks for espionage purposes.

