Major North Korean hacking groups have gone “all out” with cyber attacks on South Korean defense companies for more than a year, breaching the firms’ internal networks and stealing technical data, South Korean police said on Tuesday.
The hacking teams, which are linked to North Korea’s intelligence apparatus and are known as Lazarus, Kimsuky and Andariel, injected malicious code into defense companies’ data systems either directly or through contractors working with them, police said.
Police, working with the National Intelligence Agency and a team of private sector experts, traced the groups’ hacks, identifying them by source IP addresses, the rerouting architecture of the signals and the signatures of the malware used.
Police said that in one case, which began in November 2022, hackers planted code in the company’s public network that affected its intranet when the security programs protecting internal systems were temporarily disconnected during network tests.
Hackers also took advantage of minor security lapses by employees of subcontractors who used the same passcodes for their private and official email accounts, breaching defense company networks and extracting confidential technical data.
Police did not name the companies that were hacked or the nature of the data breach.
South Korea has emerged as a major global defense exporter, signing contracts to sell mechanized howitzers, tanks and fighter jets worth billions of dollars in recent years.
North Korean hacking groups have infiltrated South Korean financial institutions and news outlets, foreign defense companies, and in a major security breach in 2014, South Korea’s nuclear power operator.
North Korean hackers are believed to be behind a major cryptocurrency theft, with the stolen funds being funneled into the country’s weapons programs.
North Korea denies involvement in hacking operations or crypto-heists.
(Reporting by Jack Kim; Editing by Lincoln Feast.)