South Korean defense companies hacked by North: Police

An official at the National Police Agency speaks during a briefing in Mapo District, western Seoul, on Tuesday. [YONHAP]

North Korean hackers breached the internal networks of 10 South Korean defense companies and stole technical data over the past 18 months, according to the National Police Agency on Tuesday.
In a joint investigation with the National Cyber Risk Management Unit and the National Intelligence Service, police found that three North Korean hacking groups — Lazarus, Andariel and Kimsuky — were behind most of the attacks.
Police said the hacks were aimed at stealing South Korean defense technology.
While police did not specify the scale of technological theft committed by the hacking groups, they noted that the targeted South Korean defense companies were unaware they had been attacked until after authorities began their investigation.
Police also said the hackers used methods consistent with past North Korean cyberattacks, such as planting malicious code that exploits software vulnerabilities.
The attacks were routed through IP addresses located in Shenyang, northeastern China, with one of the addresses being the same as the one used in the hack of the Korea Water Resources Corporation in 2014.
According to police, the hackers primarily targeted South Korean defense manufacturers but also went after subcontractors with comparatively weaker cybersecurity measures.
In one instance that began in November 2022, hackers from Lazarus planted code in a company’s public network, which later spread into its internal system when the security firewall was temporarily deactivated for a network test, police said.
In another case, the hacking group Andariel used the information it stole from a subcontractor in October 2022 to log into a defense company’s internal server and plant code to steal technical data.
Andariel hackers were also able to infiltrate a defense subcontractor by targeting employees who used the same passcodes for their private and official email accounts.
In October last year, the NIS issued a warning to shipbuilders that North Korean-backed hackers could be trying to steal data to support the North’s own efforts to build more advanced military vessels.
The NIS said at the time it detected multiple attempts by North Korean hackers to infiltrate prominent South Korean shipbuilders between August and September.
The hacking attempts involved various methods, including attempting to gain unauthorized access by targeting the shipbuilders’ IT subcontractors and distributing malicious code through phishing emails sent to shipbuilders’ employees.
In addition to stealing technical data, North Korean hackers play a significant role in bankrolling the regime’s illicit weapons program.
Lazarus alone is estimated to have stolen $1.7 billion in multiple cyberattacks in 2022, according to a report by blockchain analysis company Chainalysis in February last year.
The company also estimated that North Korea-linked hackers have stolen over $3 billion from 2017 to 2022.
The growth in Pyongyang’s haul from cybercrime has corresponded with a sharp rise in missile tests by the regime.
About half of North Korea’s missile program has been funded by cyberattacks and cryptocurrency theft, according to Anne Neuberger, the U.S. deputy national security adviser for cyber and emerging technology, in May last year.

BY MICHAEL LEE

