South Korean police have revealed a major hacking campaign in which hackers from the North stole defense secrets over the period of a year.
A report from the Korean National Police Agency (KNPA) published yesterday blamed the campaign on three North Korean state-backed groups: Lazarus, Kimsuky and Andariel.
Local reports claimed they targeted as many as 83 defense contractors and subcontractors, and managed to steal sensitive information from 10 of them between October 2022 and July 2023, although the campaign lasted over a year.
The KNPA revealed that some of the companies in question were “completely unaware” that they had been breached until they were contacted by the police.
In what was described as an “all-out” assault by Pyongyang, the hacking groups used various techniques to achieve their goals.
In one case revealed by the KNPA report, the threat actors exploited a vulnerability in an email system which enabled them to download large files without authentication.
In another, they took advantage of poor password security to hijack the account of a third-party IT maintenance company and infected a defense contractor with malware that way. The employee whose account was breached had reportedly used the same password for private and corporate email.
In a third example shared by the KNPA, administrators paused security controls on an internal network during testing, which allowed their adversaries to compromise and exfiltrate sensitive data.
According to reports, the recently disclosed breaches may be the tip of the iceberg. One unnamed defense expert is quoted as saying, “North Korean arms are getting increasingly similar to those of the South. The shape of the KN-23, the North’s surface-to-surface missile recently identified, is similar to the Hyunmoo-4, our ballistic missile.”
South Korea has become an increasingly important player in the global arms trade, signing contracts worth billions of dollars in recent years to sell howitzers, tanks and fighter jets, according to Reuters.