North Korean hackers have been hacking 10 South Korean defense contractors for months

It has been discovered that a North Korean hacker group has been conducting coordinated attacks on South Korea's defense industry in order to steal defense technology.

N. Korean hackers breached 10 defense contractors in South Korea for months, police say

According to South Korean police, several North Korean hacking groups, including the well-known hacker group 'Lazarus,' have launched attacks on about 10 South Korean defense industry companies and stolen defense technology.

The groups believed to be involved in the hack are Lazarus, Andariel, and Kimsuky, all of which are considered by the US government to be 'backed by the North Korean government.'

The attack methods were diverse, and the group targeted not only defense companies, but also other companies that partnered with or outsourced to defense-related companies. It is determined that the hacker group infiltrated the defense companies' main servers and hacked partner and outsourcing companies with relatively weak security, planting malicious code.

According to reports, the code used by Lazarus was used to send data from six computers, including those belonging to employees of a South Korean company, to an overseas cloud server. Andariel reportedly infiltrated an outsourcing company that maintains and manages the servers of a defense industry partner company, gained access to staff email accounts, and stole information.

South Korean police authorities announced that 'based on factors such as IP addresses, routing methods, and types of code, we have determined that a North Korean hacking organization is involved in the attack.' Based on the information obtained, it is estimated that the hacking took place over at least one month from October 2022 and three months from April 2023, and some companies were not aware of the hacking at all when the special investigation began in January 2024.

A police official said, 'The malicious code was still active when the investigation began. We may have only detected the tip of the iceberg, and there may be more attacks that have not yet been uncovered.' 'North Korean hacking groups are known to divide up missions, but this is the first time they have launched a coordinated, all-out attack with a common goal of seizing defense industry technology.'