A North Korean hacking organization reportedly attempted to hack defense companies worldwide by disguising themselves as recruiters.
The National Intelligence Service of South Korea, in collaboration with Germany’s Federal Office for the Protection of the Constitution (BfV), issued a cybersecurity warning on February 19. This alert aimed to mitigate the risk of cyberattacks within the defense sector, highlighting two specific incidents.
According to the National Intelligence Service, the North Korean hacking organization Lazarus has been using social engineering attacks to infiltrate defense companies since mid-2020.
First, disguising themselves as hiring managers on LinkedIn, they approached defense industry employees to build rapport. They then lured victims to another social media platform with the offer to share advice on changing jobs. They sent them job offers with PDF files to induce the installation of malware.
The North Korean hacking organization also infiltrated marine and shipbuilding technology research institutes indirectly, through their maintenance companies. In late 2022, they first hacked a maintenance company with weak security and stole server account information, then infiltrated the research institute’s server and attempted to spread malware to all employees.
When the malware was detected before mass distribution, the hacking organization attempted additional attacks, such as sending “spear-phishing” emails targeting specific individuals.
A National Intelligence Service official stated, “The North Korean hacking organization took advantage of the situation where remote maintenance was allowed due to Coronavirus and attempted to infiltrate internal servers,” and emphasized, “If a state or public institution requires maintenance from a partner company or national information security, please refer to Article 26 of the Guidelines.”
The National Intelligence Service and the German Federal Office for the Protection of the Constitution believe that North Korea has prioritized strengthening its military power and is focusing on stealing cutting-edge defense technology from around the world, using the stolen technology to develop strategic weapons such as reconnaissance satellites and submarines.
Both organizations suggested that case studies should be provided to prevent social engineering hacking attacks from North Korea, and an open culture should be established where employees can comfortably report suspicious situations.
The National Intelligence Service shared that this is the second advisory announcement, following the one on the Kimsuky hacking group’s abuse of Google services in March last year. It also serves as a warning to North Korea over its theft of advanced defense technology worldwide and its use of that technology for weapon development.
A National Intelligence Service official stated, “North Korea’s cyber hacking is an efficient means to acquire weapon technology, and they will never give up,” and added, “We need to strengthen the security in the defense sector further.”
kukoo@news1.kr