Major North Korean hacking groups have mounted relentless cyber attacks against South Korean defense companies for over a year. These attacks have compromised the firms’ internal networks and resulted in the theft of technical data, according to South Korea’s police.
Hacking teams linked to North Korea’s intelligence apparatus, known as Lazarus, Kimsuky, and Andariel, have planted malicious codes in the data systems of defense companies. They have gained access to these systems either directly or through contractors working with the companies.
The police, collaborating with a team of national spy agency and private sector experts, have traced the hacks to these groups. They have identified them based on the source IP addresses, the re-routing architecture of the signals, and the signatures of the malware used.
In one case that began in November 2022, the hackers planted a code in a company’s public network. This code then infected its intranet when the security program protecting the internal system was temporarily disengaged for a network test.
The hackers also exploited security lapses by employees at subcontractors who used the same passcodes for their private and official email accounts. This allowed them to breach defense company networks and extract confidential technical data.
The police have not disclosed the names of the hacked companies or the nature of the data breached. South Korea has become a major global defense exporter, with recent contracts for billions of dollars to sell mechanized howitzers, tanks, and fighter jets.
North Korean hacking groups have a history of infiltrating the systems of South Korean financial institutions, news outlets, foreign defense companies, and even South Korea’s nuclear power operator in a major security breach in 2014. They are also believed to be responsible for major cryptocurrency thefts, with the stolen funds being used to support their weapons programs. Despite these allegations, North Korea denies any involvement in hacking operations or crypto heists.
