North Korean espionage: Kim Jong-un's arsenal replenished with South Korean defense technologies

South Korea has issued an emergency warning about an increase in cyber attacks from North Korea.

South Korean police have warned of cyberattacks by North Korean hacker groups targeting defense industry companies in order to steal valuable technical information.

The police recorded several cases of successful intrusions into South Korean defense companies carried out by the groups Lazarus, Andariel and Kimsuky, which are part of the "North Korean hacking apparatus".

According to the announcement, attackers have infiltrated organizations by exploiting vulnerabilities in the environments of targets or their subcontractors to install malware that can exfiltrate data.

Law enforcement agencies previously conducted a special inspection from January 15 to February 16 and implemented protective measures to ensure the security of critical networks. The operation uncovered numerous companies that had been compromised since the end of 2022, but were not aware of the breach until the authorities informed them.

The police described three cases, each attributed to one of the groups above, which used different methods to steal defense technology.
  • Lazarus abused poorly managed network access systems set up for testing to get into a defense company's internal network from November 2022. Once inside, the attackers collected critical data stored on at least six of the firm's computers and transferred it to a cloud server abroad.
  • Andariel stole the account credentials of an employee of a company that provides services to defense subcontractors. Using the stolen account in October 2022, the attackers installed malware on the subcontractors' servers, which led to leaks of defense and technical data.
  • Kimsuky exploited a vulnerability in a subcontractor's mail server between April and July 2023 that allowed bulk files to be uploaded without authentication. The flaw was used to retrieve and steal technical data from the company's internal server.

The Korean police recommend that both defense companies and their subcontractors improve network segmentation, rotate passwords periodically, enable two-factor authentication on all critical accounts, and block access from abroad.
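The three cases above share signals that a defender can look for in ordinary server and proxy logs: file uploads to a mail server that carry no authenticated user (the Kimsuky case), logins by a valid account from an address outside the company's own ranges (the stolen-credential case and the "block access from abroad" advice), and large outbound transfers from one workstation to an external cloud host (the Lazarus case). The script below is an added illustration, not code from the article or from the police report; the log formats, the corporate address ranges, the upload path and the transfer threshold are all assumptions, and the log lines are constructed sample data.

```python
"""Triage of constructed log lines for the three patterns in the article.

Added example; the formats and thresholds below are assumptions, not
anything the police report specifies.
"""
import ipaddress
import re
from collections import defaultdict

# Assumed web/mail server log format:
#   <timestamp> <client_ip> <user or -> <method> <path> <status> <bytes>
# Constructed sample data, not real traffic.
WEB_LOG = """\
2023-05-02T03:14:07Z 203.0.113.45 - POST /mail/api/upload 200 48213344
2023-05-02T03:15:01Z 203.0.113.45 - POST /mail/api/upload 200 52100000
2023-05-02T09:02:11Z 10.20.30.7 j.park GET /mail/inbox 200 1204
2023-05-02T22:47:30Z 198.51.100.9 k.lee POST /mail/api/upload 200 9983
2023-05-03T08:10:00Z 10.20.30.8 k.lee GET /mail/inbox 200 1180
"""

# Assumed proxy/egress log format:
#   <timestamp> <source_host> <destination_host> <bytes_out>
# Constructed sample data, not real traffic.
PROXY_LOG = """\
2022-11-14T01:02:03Z ws-eng-04 storage.example-cloud.net 734003200
2022-11-14T01:40:00Z ws-eng-04 storage.example-cloud.net 612000000
2022-11-14T09:00:00Z ws-eng-11 intranet.corp.example 20480
2022-11-14T10:12:00Z ws-eng-11 updates.example-vendor.com 5120000
"""

# Assumed corporate address ranges; "outside these" stands in for "from abroad".
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16"),
                ipaddress.ip_network("192.168.0.0/16")]
# Assumed upload endpoint pattern on the mail server.
UPLOAD_RE = re.compile(r"/upload\b")
# Assumed internal DNS suffixes that never count as exfiltration targets.
INTERNAL_SUFFIXES = (".corp.example",)
# Assumed per-host, per-day outbound volume that warrants a look: 500 MiB.
EXFIL_THRESHOLD = 500 * 1024 * 1024


def parse_web(text):
    """Split web log lines into dicts; '-' in the user field means no login."""
    rows = []
    for line in text.splitlines():
        ts, ip, user, method, path, status, nbytes = line.split()
        rows.append({
            "ts": ts,
            "ip": ipaddress.ip_address(ip),
            "user": None if user == "-" else user,
            "method": method,
            "path": path,
            "status": int(status),
            "bytes": int(nbytes),
        })
    return rows


def unauthenticated_uploads(rows):
    """Successful POSTs to the upload endpoint with no authenticated user."""
    return [r for r in rows
            if r["method"] == "POST" and UPLOAD_RE.search(r["path"])
            and r["user"] is None and r["status"] < 400]


def logins_outside_allowlist(rows):
    """Authenticated requests whose client address is not in any allowed range."""
    return [r for r in rows
            if r["user"] and not any(r["ip"] in net for net in ALLOWED_NETS)]


def large_outbound_transfers(text, threshold=EXFIL_THRESHOLD):
    """Sum bytes per (day, source host, external destination); keep big ones."""
    totals = defaultdict(int)
    for line in text.splitlines():
        ts, src, dst, nbytes = line.split()
        if dst.endswith(INTERNAL_SUFFIXES):
            continue  # internal destinations are not exfiltration candidates
        totals[(ts[:10], src, dst)] += int(nbytes)
    return {key: total for key, total in totals.items() if total >= threshold}


if __name__ == "__main__":
    web = parse_web(WEB_LOG)
    for r in unauthenticated_uploads(web):
        print("unauthenticated upload:", r["ts"], r["ip"], r["path"], r["bytes"])
    for r in logins_outside_allowlist(web):
        print("login outside allowed ranges:", r["ts"], r["user"], r["ip"])
    for (day, src, dst), total in large_outbound_transfers(PROXY_LOG).items():
        print("large outbound transfer:", day, src, "->", dst, total, "bytes")
```

Each rule is deliberately narrow so that it maps to one of the reported cases; in a real deployment the address allowlist would come from the organization's own inventory, and the volume threshold would be tuned against a baseline of normal traffic rather than fixed at a round number.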