North Korean hackers target South Korean defence firms

South Korean police disclosed that major North Korean hacking groups have been relentlessly conducting cyber assaults on South Korean defence firms for over a year. These attacks have resulted in breaches of internal networks and the theft of crucial technical data. Identified groups include Lazarus, Kimsuky, and Andariel, all linked to North Korea’s intelligence apparatus.

Hackers successfully infiltrated networks using various methods, such as planting malicious codes directly into defence companies’ systems or through their contractors. Police, collaborating with national spy agencies and private sector experts, tracked these attacks. They used indicators such as source IP addresses, signal rerouting architecture, and malware signatures to identify the perpetrators.

One notable case, dating back to November 2022, saw hackers inserting a code into a company’s public network. This code later infected the intranet during a temporary disengagement of the internal security system for a network test. Exploiting security oversights, hackers gained entry through subcontractors’ accounts, who used identical passcodes for personal and official email accounts, extracting confidential technical data.

Although the police did not disclose the affected companies or the specifics of the data breaches, South Korea has become a significant global defence exporter. In recent years, lucrative contracts for items such as mechanised howitzers, tanks, and fighter jets have been valued at billions of dollars. This latest revelation underscores the persistent threat posed by North Korean cyber operations, which extend beyond national borders and target critical industries worldwide.