North Korean hackers breach Russian missile maker, says US research firm

Seoul, Aug 8 (EFE).- North Korean hackers have broken into the computer systems of a Russian missile manufacturer, US-based cybersecurity firm SentinelOne has revealed.

These hackers successfully breached the systems of NPO Mashinostroyeniya at least five times last year, according to an investigation conducted by the research firm specializing in cyber risk analysis.

The researchers noted that they discovered at least two instances in which “sensitive internal IT infrastructure” of the Russian defense industrial base organization was compromised.

This included a specific email server, along with the use of a Windows backdoor known as OpenCarrot.

The trails of these cyberattacks led to Lazarus and ScarCruft, two hacker groups linked to North Korea.

The researchers stated that they couldn’t definitively determine the nature of the relationship between these two threat actors.

They speculated that the actors might have acted independently but with a shared goal of extracting sensitive data from Russia, according to the report.

The intrusion, which occurred between late 2021 and May 2022, could be considered “a highly desirable strategic espionage mission – supporting North Korea’s contentious missile program.”

The Russian defense company has played a pivotal role in the development of Russian hypersonic missiles, next-generation ballistic missile technologies, and satellite systems. These areas are of significant interest to Pyongyang as it seeks to modernize its weaponry.

Mashinostroyeniya is a sanctioned entity that possesses highly confidential intellectual property on sensitive missile technology, both currently in use and under development for the Russian military.

The researchers pointed out that the North Korean hostile actors garnered attention due to various attacks over the past year.

These include “new reconnaissance tools, (multiple) new supply chain intrusions, elusive multi-platform targeting, and new sly social engineering tactics.”

“With a high level of confidence, we attribute this intrusion to threat actors independently associated with North Korea,” the research firm said.

“Based on our assessment, this incident stands as a compelling illustration of North Korea’s proactive measures to covertly advance their missile development objectives, as evidenced by their direct compromise of (the) Russian organization.”

The researchers emphasized that the convergence of North Korean cyber threat actors represents “a profoundly consequential menace warranting comprehensive global monitoring.”

“Operating in unison as a cohesive cluster, these actors consistently undertake a diverse range of campaigns motivated by various factors.”

The firm stressed that addressing and mitigating this threat with utmost vigilance and strategic response had become crucial.

This information about the cyberattack comes after North Korea invited a Russian representative last month to commemorate the 70th anniversary of the end of the Korean War (1950-53).

During his visit to Pyongyang, Russian Defense Minister Sergei Shoigu held meetings with North Korean leader Kim Jong-un.

The two sides discussed bilateral cooperation in areas such as defense and security. These discussions occurred amid Western allegations that the reclusive nation was secretly and illegally supplying weapons to Moscow for its invasion of Ukraine. EFE
