According to South Korea’s police on Tuesday, major North Korean hacker gangs have been launching “all-out” cyberattacks against South Korean defense corporations for over a year, breaking into the companies’ internal networks and obtaining technical data.
Hacking groups known as Lazarus, Kimsuky, and Andariel—affiliated with North Korea’s intelligence agency—introduced harmful software into defense corporations’ data systems, either directly or through contractors who collaborated with them, according to police reports.
The police, working with a team of national spy agency and private sector experts, traced the hacks to the groups, identifying them by the source IP addresses, the re-routing architecture of the signals and the signatures of the malwares used, it said.
In a case that began in November 2022, the hackers planted a code in the company’s public network which then infected its intranet when the security program protecting the internal system was temporarily disengaged for a network test, it said.
The hackers also took advantage of the simple security lapse by employees at subcontractors who used the same passcodes for their private and official email accounts, breaching defence company networks and extracting confidential technical data.
The police did not name the companies that have been hacked or the nature of the data breached.
South Korea has emerged as a major global defence exporter, with contracts signed in recent years to sell mechanised howitzers, tanks and fighter jets valued at billions of dollars.
North Korean hacking groups have infiltrated the systems of South Korean financial institutions and news outlets, foreign defence companies, and, in a major security breach in 2014, into South Korea’s nuclear power operator.
North Korean hackers are believed to be behind major cryptocurrency thefts, with the stolen funds being channelled to its weapons programmes.
North Korea denies involvement in hacking operations or crypto heists.
