
South Korean defense firms subjected to North Korean APT attacks


North Korean state-sponsored advanced persistent threat operations Lazarus Group, Kimsuky, and Andariel were noted by South Korea's National Police Agency to have targeted several South Korean defense industry entities since late 2022 in a bid to obtain intelligence regarding defense technologies, reports Security Affairs.

The Lazarus Group took advantage of vulnerable infrastructure to breach a defense organization in November 2022, which resulted in the compromise of at least six internal computers along with the entity's internal network and sensitive data, while Andariel leveraged account credentials from an employee of a defense contractor's third party to distribute malware that facilitated the theft of technical information regarding defense technology, according to an advisory from the National Police Agency.

Meanwhile, Kimsuky conducted attacks against a defense subcontractor's vulnerable email server from April to July 2023 to facilitate a significant exfiltration of technical data. The expected persistence of North Korean attacks should prompt the implementation of more robust cybersecurity defenses across South Korean defense firms and subcontractors, said the advisory.
