North Korean Hackers Attack South Korean Defense Companies

JAKARTA - North Korea's main hacker groups have carried out "total" cyber attacks on South Korean defense companies for more than a year. According to South Korean police on Tuesday, April 22, the hackers breached the companies' internal networks and stole technical data.

Police said that hacking teams linked to North Korean intelligence and known as Lazarus, Kimsuky, and Andariel planted malicious code in the defense companies' data systems, either directly or through contractors working with them.

Police, in collaboration with a team of national intelligence agents and private sector experts, traced the hacking attacks to the groups, identifying them through the source IP addresses, the re-routing architecture of the signals, and the signatures of the malware used.

In one case that began in November 2022, hackers planted code in a company's public network, which subsequently infected its intranet when the security programs protecting the internal system were temporarily disabled for network testing.

Hackers also took advantage of simple security negligence by subcontractor employees who used the same passcode for their personal and official email accounts, using it to break into the defense companies' networks and extract secret technical data.

Police did not name the companies that had been hacked or say what type of data had been stolen.

South Korea has become a major global defense exporter, with contracts signed in recent years to sell billions of dollars' worth of self-propelled artillery, tanks and warplanes.

North Korean hacker groups have infiltrated the systems of South Korean financial institutions and media agencies, foreign defense companies and, in a major security breach in 2014, South Korea's nuclear power plant operator.

North Korean hackers are believed to be behind the theft of large amounts of cryptocurrency, with the stolen funds channeled to the country's weapons program. North Korea denies involvement in crypto hacking or theft operations.