It turned out that a North Korean hacker group had invaded the network of a Russian missile technology company
It became clear that hacker groups called ScarCruft and Lazarus, which are supported by the North Korean government, infiltrated the network of KB Masinostroyenya (KBM), which is engaged in missile development in Russia, and launched a cyber attack.
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company - SentinelOne
Exclusive: North Korean hackers breached top Russian missile maker | Reuters
North Korean hacker invades Russian missile company Targets friendly countries | Reuters
North Korean hackers 'ScarCruft' breached Russian missile maker
According to an investigation by cybersecurity company SentinelOne, KBM's highly confidential internal infrastructure was breached, and in parallel a Windows backdoor called OpenCarrot was used against it. The breach of the e-mail server is attributed to the threat actor 'ScarCruft', and separately from this, 'Lazarus' appears to have used a backdoor to compromise the network. The investigation does not make clear the relationship between 'ScarCruft' and 'Lazarus'.
KBM holds intellectual property in missile technology, including technology currently in use by the Russian military.
The intrusion is believed to have continued for at least five months from 2021 to 2022, but it is not clear what information was stolen. According to SentinelOne, KBM IT personnel noticed suspicious communication between a specific process and unknown external infrastructure in May 2022.
Based on various sources, SentinelOne asserts with high confidence that this KBM hack was the work of a North Korean threat actor, stating that it is 'a real example of North Korea's aggressive behavior.'
in Security, Posted by logc_nt