South Korea’s police department has disclosed that major North Korean hacking groups have been conducting extensive cyber assaults on South Korean defense companies for over a year. These attacks have breached the internal networks of these firms, leading to the theft of valuable technical data.
According to authorities, hacking units associated with North Korea’s intelligence operations, notably Lazarus, Kimsuky, and Andariel, implanted malicious software into the data systems of defense companies either directly or via their affiliated contractors.
Working in collaboration with national intelligence experts and professionals from the private sector, the police were able to trace the origin of these attacks. They identified the hacking groups by analyzing source IP addresses, the routing structure of the signals, and the characteristics of the malware deployed.
One notable incident, which commenced in November 2022, involved hackers inserting malicious code into a company’s public network. This code subsequently infiltrated the intranet when the security protocols protecting the internal system were momentarily disabled for a network evaluation.
Exploiting a security oversight by employees at subcontractors who used identical passwords for personal and professional email accounts, the hackers gained access to defense company networks and extracted sensitive technical information.
The police refrained from disclosing the names of the affected companies or the specifics of the data compromised.
South Korea has positioned itself as a significant global defense exporter, securing contracts worth billions of dollars for the sale of mechanized howitzers, tanks, and fighter jets in recent years.
This revelation adds to a string of cyber breaches attributed to North Korean hackers, who have previously targeted South Korean financial institutions, media outlets, foreign defense contractors, and, notably, breached South Korea’s nuclear power operator in 2014.
While North Korea has consistently denied involvement in hacking activities or cryptocurrency theft, these incidents raise concerns about the nation’s cyber capabilities and their potential implications for global security.