1 October 2024

North Korean hackers target German missile manufacturer Diehl


The North Korean state-backed hacker group Kimsuky (aka APT43) launched a sophisticated phishing campaign against German defense contractor Diehl Defense, which manufactures the IRIS-T air defense missile system. The attack, first reported by German news outlet Der Spiegel, was aimed at infecting the computers of Diehl employees with spyware.

According to security researchers from Google’s subsidiary Mandiant, Kimsuky used fake job offers, supposedly from major US defense firms, to lure its targets. Once employees opened the malicious attachments, they were redirected to a counterfeit website designed to infect their systems with malware. This allowed the attackers to gain access to sensitive information.

In an attempt to evade detection, the hackers used a server named ‘Uberlingen,’ a name similar to Diehl’s location near Lake Constance in southern Germany. They also set up bogus web pages that mimicked popular German online services, such as Telekom and GMX, to make the phishing attempt appear more legitimate.

The Federal Office for Information Security (BSI) confirmed the attack, noting that it was part of a broader campaign by Kimsuky, which has been targeting various organizations in Germany.

Since May, BSI has been monitoring the suspicious network activities linked to this attack, and Diehl Defense is not the only company affected. Other German organizations are also believed to be under threat from this ongoing cyber campaign.

