North Korean hackers strike the defence sector in South Korea

April 25, 2024

North Korean hacking gangs continue to pose a serious threat, South Korea's National Police Agency has warned the country's defence industry. The groups Lazarus, Andariel, and Kimsuky have been identified as responsible for a number of breaches discovered at the nation's defence contractors.

Exploiting weaknesses in the networks of the main defence industries and their subcontractors made the intrusions easier to achieve. These flaws made it possible for malware to be deployed and spread, allowing private technology information to be stolen. Remarkably, until authorities stepped in, a number of organisations were oblivious to these intrusions, which exposed a serious weakness in their cybersecurity posture.

Certain incidents highlight the advanced strategies these hacker groups use. For example, Lazarus took advantage of mismanaged network connection systems in the infrastructure of a defence company. The group has penetrated internal networks since November 2022, gathering vital information from several machines and sending it to servers located overseas.

Andariel, on the other hand, targeted a maintenance company servicing defence subcontractors. By stealing an employee's account information, the group gained access to subcontractors' servers and deployed malware that led to substantial leaks of defence-related technical data. The reuse of passwords across personal and work accounts compounded the breach's impact.

Kimsuky's attack centred on a network weakness in a defence subcontractor's email server. Between April and July 2023, this vulnerability enabled the unauthorised download of sizable files, which made it easier for important technical data to be stolen.

Authorities advise enhancing defence cybersecurity in South Korea.

The South Korean police have recommended strengthening cybersecurity measures in reaction to these concerning trends. They recommend improving network security segmentation, enforcing two-factor authentication on crucial accounts, implementing regular password resets, and preventing access from foreign IP addresses to defence businesses and subcontractors.

This occurrence highlights the significance of strong cybersecurity protocols in the defence industry. Sensitive national security information must be protected, and proactive steps and constant attention are required due to the dynamic tactics of malevolent actors.

Defence contractors in South Korea must pay attention to these cautions and strengthen their defences against the ever-changing threats posed by North Korean hacker groups.
