Alarm Sounded Over Major North Korea Hacks

North Korean hackers have stolen technical data from South Korean defense companies, Seoul says.

The hacking groups, which are believed to have North Korea's state backing, mounted the "all-out" cyberattacks for over a year, the Korean National Police Agency said Tuesday, warning others in the industry to beef up security.

South Korea's defense industry has emerged as a major player in the global arms trade with contracts for a range of weapons platforms, including advanced fighter jets, self-propelled howitzers, and naval vessels. The theft came amid heightened friction between the uneasy neighbors as Pyongyang presses forward with ballistic missile tests and its nuclear weapons program.

The South Korean authorities traced the cyberattacks targeting the firms, which were not named in the report, to IP addresses known to be used by three hacking organizations—Lazarus Group, Kimsuky, and Andariel.

In one of the cyber operations, which began in November 2022, hackers infiltrated their target by infecting the company's intranet with malware via its public network. This occurred while the security program was temporarily down during a network test.

Analysis confirmed that "important data" had been siphoned from six computers to cloud servers located overseas, the police said.

Newsweek reached out to the North Korean embassy in Beijing, China, with a written request for comment.

In a case that began around October of that year, the hackers gained access to a defense contractor by taking advantage of an opening: employees of a server maintenance company who used the same passwords for both private and company email accounts.

This file photo shows someone typing on a keyboard. On April 23, South Korean national police said North Korean hackers had stolen technical data from unnamed defense companies. Getty Images

"As North Korea's hacking attempts targeting defense technology are expected to continue, we ask not only defense companies but also their suppliers to strengthen security measures," the police agency said.

It went on to advise security measures such as keeping internal and public networks separate, setting up two-factor authentication, regularly changing email passwords, and blocking unauthorized IP addresses.

"North Korea's cyber program will pose a sophisticated and agile espionage, cybercrime, and attack threat. Pyongyang's cyber forces have matured and are fully capable of achieving a variety of strategic objectives against diverse targets, including a wider target set in the United States and South Korea," the U.S. Office of the Director of National Intelligence said in its 2024 threat assessment report released in February.

The ODNI said the reclusive country is also leveraging its capabilities "to launder and cash out stolen cryptocurrency; and maintain a program of IT workers serving abroad to earn additional funds."


About the writer


Micah McCartney is a reporter for Newsweek based in Taipei, Taiwan. He covers U.S.-China relations, East Asian and Southeast Asian ...
