
North Korean hackers have been breaching 10 defense contractors in the South for months, police say

(Clipart Korea)

South Korean police have found evidence pointing to a concerted attack on defense industry companies by North Korean hacking organizations, including the Lazarus Group, to obtain defense technology.

Police also said the attack methods were varied, with numerous hacking organizations mobilized to attack not only defense companies, but also other companies in collaboration and outsourcing relationships with them.

The National Police Investigation Headquarters announced on Monday that it had confirmed an attack by North Korean hacking organizations, including Lazarus, Andariel and Kimsuky, that targeted about 10 South Korean defense companies and obtained defense technology.

Police determined that the organizations had penetrated the servers of key defense companies to plant malicious code, either by infiltrating the companies directly or by first hacking partners and outsourcing companies with comparatively weak security.

Based on factors such as IP addresses, routing methods and types of code, police determined that North Korean hacking organizations were responsible for the attack.

Because some companies were completely unaware of the hacking at the time a special inspection was launched in January, some suggest that North Korea’s technology acquisition may have continued for some time.

Police estimate that the technology was taken during two windows: October to November 2022 and April to July 2023. Police also explained that they could only estimate when the information was taken and that the exact periods of the attacks have not been determined.

But a police official said the malicious code was “still active when the investigation was launched,” adding that “we may have only discovered the tip of the iceberg.”

North Korea’s methods in carrying out the attack to steal technology from South Korea’s defense industry were varied, with partner and outsourcing companies also targeted.

Lazarus used an approach that involved hacking into the target company's Internet-facing remote server to plant the code and then moving into the company's internal network. The investigation revealed that this method had been used to exfiltrate important data from six computers, including computers belonging to the development team, to an overseas cloud service.

Andariel, which primarily stole military technology, gained access by taking control of the ordinary Naver and Kakao email accounts of staff at outsourcing companies that performed maintenance and repairs on the servers of defense industry partner companies. In this case, the group took advantage of the fact that some staff members used the same ID and password for their personal email and for their work accounts at the company in question.

Kimsuky, the best-known North Korean hacking organization, intercepted information by exploiting weaknesses in the groupware email servers of partner companies.

A law enforcement official said this was "the first instance we have found of North Korean hacking organizations – known to divide their duties in the past – carrying out a coordinated all-out attack with the common goal of seizing technology from the defense industry."

Historically, it is known that Kimsuky mainly targeted government organizations and politicians, while Lazarus and Andariel targeted financial institutions and defense institutions respectively. Police also determined that Lazarus had spearheaded a recently confirmed infiltration of computer networks in the judiciary.

By Lee Ji-hye, staff reporter

Send questions or comments to ([email protected])