North Korean organizations hack defense contractors in South Korea according to police

According to authorities, hackers known as Lazarus, Kimsuky, and Andariel, who are connected to North Korea's intelligence services, insert destructive software into military corporations' data systems either directly or through contractors they collaborate with.

North Korean organizations hack defense contractors in South Korea according to police

According to authorities, hackers known as Lazarus, Kimsuky, and Andariel, who are connected to North Korea's intelligence services, insert destructive software into military corporations' data systems either directly or through contractors they collaborate with.

 

According to South Korea's police on Tuesday, April 23, major North Korean hacker gangs have been launching "all-out" cyberattacks against South Korean defense industries for more than a year, gaining access to technical data by getting into the internal networks of the companies.

 

The police claim that hackers with ties to North Korea's intelligence services, Lazarus, Kimsuky, and Andariel, either directly or through contractors they hired, inserted malicious software into the defense industry' data systems.

 

The police were able to connect the attacks to the groups by examining the source IP addresses of the signals, the rerouting architecture of the signals, and the malware signatures in collaboration with a team of professionals from the national intelligence agency and the commercial sector.

 

In a case that started in November 2022, the hackers accessed the company's public network by planting a code, and when the internal system's security software was suddenly deactivated for a network test, the code propagated to the company's intranet.

 

The hackers exploited a basic security lapse on the part of subcontractor employees, who used the same passcodes for their personal and work email accounts, to enter defense business networks and retrieve important technical data.

 

The police did not reveal the type of data that was compromised or the identities of the companies that were affected.

 

With recent deals worth billions of dollars to deliver mechanized howitzers, tanks, and fighter jets, South Korea has become one of the world's leading defense exporters.

 

North Korean hacking gangs have gained access to the networks of international defense companies, financial institutions, news outlets, and, in a major security breach in 2014, South Korea's nuclear power operator.

 

North Korean hackers are believed to have committed significant bitcoin thefts, using the money they stole to fund their weapons development.



News source:

https://www.rappler.com/technology/north-korea-groups-hack-south-defense-contractors/