South Korea defense firms hit by North Korean attacks

North Koreans have been targeting defense firms in the South

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Multiple North Korean state-sponsored hacking groups have been attacking South Korean defense companies for more than a year, stealing login credentials and sensitive data.

AReutersreport, citing South Korea’s law enforcement, claims three major threat actors - Lazarus, Kimsuky, and Andariel, have been going after defense organizations and third-party contractors, planting malicious code in data systems, pulling out passwords and technical information.

The police managed to identify the attackers by tracking their source IP addresses, re-routing architecture of the signals, and themalwaresignatures.

Lazarus attacks again

The report did not state which organizations were targeted, or what the nature of the data was, butReutersdid hint that South Korea grew into a “major global defense exporter”, with fresh contracts to sell mechanized howitzers, tanks, and fighter jets. The deals were reportedly valued at billions of dollars.

While all three of these threat actors have made headlines before, Lazarus Group is probably the most infamous one. This group was observed targeting cryptocurrency businesses in the west, stealing millions of dollars in crypto tokens, with which the North Korean government apparently finances its nuclear weapons programs.

The biggest crypto heist to happen to this day is the April 2022 breach at the Ronin network, which resulted in the theft of $625 million in various cryptocurrencies. Ronin network is a cryptocurrency bridge developed by the same company behind the hugely popular blockchain-based game, Axie Infinity.

A bridge is a service that allows users to transfer crypto tokens from one network to another.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Besides Ronin, Lazarus Group was also confirmed to be behind the Harmony bridge attack, which happened in June 2022, and resulted in the theft of $100 million.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Scammers are using fake copyright infringement claims to hack businesses

HPE reveals critical security bug affecting networking access points

From Dishonored to Mafia: Definitive Edition, some of my favorite games are free right now for Amazon Prime members