North Korean Hackers Steal Data from 10 South Korean Defense Companies

The South Korean National Police Agency confirmed that North Korean hackers had stolen data from 10 South Korean defense companies. The hackers, identified as members of the Lazarus, Kimsuky, and Andariel groups, are believed to have state backing and conducted extensive cyberattacks over the past 18 months, stealing sensitive technical data from the targeted defense companies.

According to the police investigation, the North Korean hackers breached the internal networks of these companies, either directly or through contractors, by exploiting vulnerabilities and security lapses. In one case, the hackers planted malicious code in a company's public network, which then infected the intranet when the security program was temporarily disengaged. They also compromised employee accounts, including those of subcontractors who used the same passwords for private and official email accounts.

The police traced the attacks to North Korea's intelligence apparatus by analyzing the source IP addresses, signal re-routing architecture, and malware signatures. "The perpetrators were identified based on the malware they used, their network infrastructure, and other indicators," stated a representative from the National Police Agency.

Why this matters: This incident highlights the persistent cybersecurity threats that South Korea faces from North Korean state-sponsored hacking groups. As South Korea has emerged as a major global defense exporter, the stolen technical data could potentially be used to advance North Korea's own military capabilities or be sold to other countries.

The South Korean authorities have warned that North Korea's hacking attempts targeting defense technology are expected to continue and have advised defense companies to implement robust security measures such as two-factor authentication, network segmentation, and access controls. The National Police Agency emphasized the need for more stringent cybersecurity defenses across South Korean defense firms and their subcontractors to address the ongoing threat of North Korean cyberattacks.

Key Takeaways

• North Korean hackers stole data from 10 South Korean defense firms over 18 months.
• Hackers from Lazarus, Kimsuky, and Andariel groups breached networks, exploiting vulnerabilities.
• Stolen data could advance North Korea's military capabilities or be sold to other countries.
• South Korea warns of continued hacking attempts and advises robust security measures.
• Authorities emphasize need for stringent cybersecurity across defense firms and subcontractors.