South Korean defense companies hit by North Korean attacks
Multiple state-sponsored North Korean hacking groups have been attacking South Korean defense companies for more than a year, stealing credentials and sensitive data.
a Reuters Citing law enforcement in South Korea, the report alleges that three major threat actors – Lazarus, Kimsuky and Andariel – have gone after defense organizations and third-party contractors, planting malicious code in data systems and extracting passwords and technical information.
Police managed to identify the attackers by tracking their source IP addresses, rerouting the architecture of the signals and the malware signatures.
Lazarus attacks again
The report did not specify which organizations were targeted, or what the nature of the data was, but Reuters did hint that South Korea was becoming a “major global defense exporter,” with new contracts for the sale of mechanized howitzers, tanks and fighter jets. The deals were reportedly valued at billions of dollars.
While all three of these threat actors have made headlines before, Lazarus Group is probably the most infamous. This group was observed targeting cryptocurrency companies in the West and stealing millions of dollars worth of crypto tokens, which the North Korean government apparently uses to fund its nuclear weapons programs.
The largest crypto heist to date is the Ronin Network breach in April 2022, which resulted in the theft of $625 million worth of various cryptocurrencies. The Ronin Network is a cryptocurrency bridge developed by the same company behind the hugely popular blockchain-based game Axie Infinity.
A bridge is a service that allows users to transfer crypto tokens from one network to another.
In addition to Ronin, Lazarus Group was also confirmed to be behind the Harmony Bridge attack, which took place in June 2022 and resulted in the theft of $100 million.