North Korea Cyber Hack Hits US Ally

A North Korean cyberattack successfully infiltrated a strategic industry and lifted data that could help it overcome a technological blockade, an intelligence disclosure by the South said on Monday.

In a warning to South Korea’s chipmakers and the wider semiconductor industry, the National Intelligence Service (NIS), Seoul’s main spy agency, said at least two companies were targeted in the last three months. Hackers stole design drawings as well as photographs of equipment, the NIS said.

North Korea’s state-backed cyber actors hit “Company A” and “Company B” in December, according to the disclosure, which said Company B was hit again last month.

Kim Jong Un’s economy is struggling due to poor central planning and the weight of international sanctions, which are likely to remain as he steps up ballistic missile launches and threatens to restart nuclear tests.

North Korea has turned to cyber hacking to fund its defense industry, targeting everything from state secrets to cryptocurrency. Kim’s government has also allegedly engaged in arms trading with Russia to help advance its military capabilities, including a recently launched spy satellite.

It was not the first time cyber actors linked to the regime in Pyongyang had been accused of stealing secrets from Seoul’s strategic industries. But this comes at a particularly fractious time in North-South relations, with Kim having abandoned any hopes of reconciliation on the peninsula.

Semiconductors have become a strategic commodity of late. The tiny microchips are used in everything from kettles and electric cars to guided missiles and fighter jets.

The U.S., eager to ensure the most advanced chipmaking know-how stays in allied hands, has in recent years moved to swiftly cut off China’s access to the latest technologies, although the policy is only expected to slow, rather than stop, Beijing’s heavily subsidized chipmakers.

This pool image distributed by the Sputnik agency shows North Korean leader Kim Jong Un visiting the Vostochny Cosmodrome in Russia’s far eastern Amur region on September 13, 2023. South Korea’s main intelligence agency warned the country’s chipmaking industry on March 4 that the North’s cyber hackers were attempting to steal strategic data.


North Korea lacks the same resources, especially in technical training, and is using sophisticated hacking techniques to get its hands on the latest industry knowledge, according to the South.

Seoul’s chief intelligence service believes heavily sanctioned Pyongyang “may have begun preparing to produce its own semiconductors” due to difficulties procuring chips from other parties. North Korean demand for the technology is increasing in order to develop weapons such as satellites and missiles, the agency said.

South Korea said the North’s hacking group, which was not identified by name, targeted the companies through servers connected to the internet. The alleged culprit used a method known as “living off the land,” which makes cyberattacks on vulnerable systems much more difficult to detect.

Guidance issued in February by the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Federal Bureau of Investigation said the technique was frequently used by “People’s Republic of China and Russian Federation state-sponsored actors.”

“LOTL [living-off-the-land attacks] enables threat actors to conduct their operations discreetly as they can camouflage activity with typical system and network behavior, potentially circumventing basic endpoint security capabilities,” the joint advisory said.

South Korea said hacking victims were notified and the industry was cautioned to increase its cybersecurity measures, including by conducting its own checks.

“We must implement security updates and access control for servers exposed to the internet, and thoroughly manage accounts, including strengthening administrator authentication on a regular basis,” an unnamed intelligence official was quoted as saying in the NIS report.

South Korea said 80 percent of cyberattacks hitting its public institutions have been tracked back to the North.

The North Korean Embassy in Beijing did not answer multiple calls seeking comment.