1 October 2024

North Korean hackers target German missile manufacturer Diehl



The North Korean state-backed hacker group Kimsuky (aka APT43) launched a sophisticated phishing campaign against German defense contractor Diehl Defense, which manufactures the IRIS-T air defense missile system. The attack, first reported by German news outlet Der Spiegel, was aimed at infecting the computers of Diehl employees with spyware.

According to security researchers from Google’s subsidiary Mandiant, Kimsuky used fake job offers, supposedly from major US defense firms, to lure its targets. Once employees opened the malicious attachments, they were redirected to a counterfeit website designed to infect their systems with malware. This allowed the attackers to gain access to sensitive information.

In an attempt to evade detection, the hackers used a server named ‘Uberlingen,’ a name similar to Diehl’s location near Lake Constance in southern Germany. They also set up bogus web pages that mimicked popular German online services, such as Telekom and GMX, to make the phishing attempt appear more legitimate.

The Federal Office for Information Security (BSI) confirmed the attack, noting that it was part of a broader campaign by Kimsuky, which has been targeting various organizations in Germany.

Since May, BSI has been monitoring the suspicious network activities linked to this attack, and Diehl Defense is not the only company affected. Other German organizations are also believed to be under threat from this ongoing cyber campaign.

