
New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide

According to a joint advisory released by Germany's Federal Office for the Protection of the Constitution (BfV) and South Korea's National Intelligence Service (NIS), North Korean state-sponsored threat actors have been involved in a campaign to steal advanced defense technologies worldwide. The attacks are part of a more significant effort to modernize and improve the performance of conventional weapons and new strategic weapon systems, such as reconnaissance satellites, ballistic missiles, and submarines.

The cyber attacks were carried out in two separate incidents. The notorious Lazarus Group was blamed for the first. The group used social engineering to infiltrate the defense sector as part of a long-running operation called Dream Job, which has been active in several waves since August 2020. In these attacks, the threat actors create fake profiles, or use legitimate but compromised profiles, on platforms like LinkedIn to approach prospective targets. They build trust with the targets and offer lucrative job opportunities before moving the conversation to a different messaging service such as WhatsApp to begin the "recruitment" process. Victims are then sent assignments and job offer documents laden with malware that, when launched, starts the infection chain and compromises their computers.

In the second case, another North Korea-based threat actor executed a software supply chain attack against an unnamed company responsible for maintaining one of the research center's servers. The attacker then moved further into the research facility by deploying remote-control malware through the research center's patch management system (PMS), and stole account information and email content from business portals. The breach unfolded over five stages: hacking into the server maintenance company; stealing SSH credentials; gaining remote access to the research center's server and downloading additional malicious tooling with curl commands, including tunneling software and a -based downloader; conducting lateral movement and plundering employee account credentials, then leveraging the stolen security manager's account information in an unsuccessful attempt to distribute a trojanized update; and finally persisting within the target environment by weaponizing a file upload vulnerability in the website to deploy a web shell for remote access and to send spear-phishing emails.
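The final stage above, a file upload flaw used to plant a web shell, leaves a recognisable trace in ordinary web server access logs: a POST to an upload endpoint, followed shortly by requests from the same client to a script file inside the upload directory. The following detector is an added example written for this summary, not code from the advisory, BfV, NIS or The Hacker News. The log lines, the `/portal/upload` endpoint and the `/uploads/` directory are constructed assumptions; in practice the endpoint and directory names come from the site being monitored.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access log (combined log format). These lines are
# illustrative only and are not taken from the advisory or any real incident.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2024:09:01:12 +0000] "POST /portal/upload HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2024:09:01:15 +0000] "GET /uploads/report.pdf HTTP/1.1" 200 40213 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Feb/2024:09:05:40 +0000] "POST /portal/upload HTTP/1.1" 200 498 "-" "python-requests/2.31"
198.51.100.23 - - [10/Feb/2024:09:05:43 +0000] "POST /uploads/avatar.php?cmd=id HTTP/1.1" 200 73 "-" "python-requests/2.31"
198.51.100.23 - - [10/Feb/2024:09:06:10 +0000] "POST /uploads/avatar.php?cmd=whoami HTTP/1.1" 200 41 "-" "python-requests/2.31"
192.0.2.9 - - [10/Feb/2024:09:07:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Assumed site layout (hypothetical): where uploads are posted and where they are served from.
UPLOAD_ENDPOINTS = ("/portal/upload",)
UPLOAD_DIR = "/uploads/"
# Extensions the web server would execute rather than serve as static content.
SCRIPT_EXT = (".php", ".phtml", ".jsp", ".jspx", ".asp", ".aspx")


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def find_webshell_candidates(log_text, window_seconds=600):
    """Flag executable files under the upload directory that a client requests
    within window_seconds of that same client posting to an upload endpoint.
    Only successful (200) requests to the script are reported."""
    uploads_by_ip = defaultdict(list)
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if rec["method"] == "POST" and path in UPLOAD_ENDPOINTS:
            uploads_by_ip[rec["ip"]].append(rec["ts"])
            continue
        if path.startswith(UPLOAD_DIR) and path.lower().endswith(SCRIPT_EXT):
            recent = [
                t for t in uploads_by_ip[rec["ip"]]
                if 0 <= (rec["ts"] - t).total_seconds() <= window_seconds
            ]
            if recent and rec["status"] == "200":
                alerts.append({
                    "ip": rec["ip"],
                    "path": rec["path"],
                    "ts": rec["ts"].isoformat(),
                    "upload_ts": recent[-1].isoformat(),
                })
    return alerts


if __name__ == "__main__":
    for a in find_webshell_candidates(SAMPLE_LOG):
        print(f"possible web shell: {a['ip']} -> {a['path']} at {a['ts']} (upload at {a['upload_ts']})")
```

On the constructed log the detector ignores the legitimate PDF upload from 203.0.113.7 and reports the two requests to `/uploads/avatar.php` from 198.51.100.23. The stronger control is preventive: an upload directory that the web server is configured never to execute scripts from, plus server-side validation of file type and name, removes the condition the detector is looking for.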

The BfV and NIS warn that the attackers changed their tools throughout the campaign and demonstrated more than once that they can develop whatever is needed to suit the situation. The attackers exploited the trust relationship between the research center and its maintenance contractor: rather than attacking a target that maintained a high security level directly, they went through the less protected supplier.

The joint advisory reminds the defense sector to remain vigilant and to take the necessary precautions to protect sensitive information and technologies against cyber attacks, including those that arrive through trusted third parties.

Want to read more? Check out the original article available at The Hacker News!


Deitasoft © 2024. All Rights Reserved.