South Korea defense firms hit by North Korean attacks


Multiple North Korean state-sponsored hacking groups have been attacking South Korean defense companies for more than a year, stealing login credentials and sensitive data.
A Reuters report, citing South Korea’s law enforcement, claims three major threat actors – Lazarus, Kimsuky, and Andariel, have been going after defense organizations and third-party contractors, planting malicious code in data systems, pulling out passwords and technical information.
The police managed to identify the attackers by tracking their source IP addresses, re-routing architecture of the signals, and the malware signatures.
Lazarus attacks again
The report did not state which organizations were targeted, or what the nature of the data was, but Reuters did hint that South Korea grew into a “major global defense exporter”, with fresh contracts to sell mechanized howitzers, tanks, and fighter jets. The deals were reportedly valued at billions of dollars.
While all three of these threat actors have made headlines before, Lazarus Group is probably the most infamous one. This group was observed targeting cryptocurrency businesses in the west, stealing millions of dollars in crypto tokens, with which the North Korean government apparently finances its nuclear weapons programs.
The biggest crypto heist to happen to this day is the April 2022 breach at the Ronin network, which resulted in the theft of $625 million in various cryptocurrencies. Ronin network is a cryptocurrency bridge developed by the same company behind the hugely popular blockchain-based game, Axie Infinity.
A bridge is a service that allows users to transfer crypto tokens from one network to another.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Besides Ronin, Lazarus Group was also confirmed to be behind the Harmony bridge attack, which happened in June 2022, and resulted in the theft of $100 million.
More from TechRadar Pro
Multiple North Korean state-sponsored hacking groups have been attacking South Korean defense companies for more than a year, stealing login credentials and sensitive data. A Reuters report, citing South Korea’s law enforcement, claims three major threat actors – Lazarus, Kimsuky, and Andariel, have been going after defense organizations and third-party…
Recent Posts
- I tried this new online AI agent, and I can’t believe how good Convergence AI’s Proxy 1.0 is at completing multiple online tasks simultaneously
- I cannot describe how strange Elon Musk’s CPAC appearance was
- Over a million clinical records exposed in data breach
- Rabbit AI’s new tool can control your Android phones, but I’m not sure how I feel about letting it control my smartphone
- Everything missing from the iPhone 16e, including MagSafe and Photographic Styles
Archives
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- September 2018
- October 2017
- December 2011
- August 2010