North Korean hackers have launched cyberattacks on South Korean defense companies and stolen technical data, according to reports from Seoul. The hacking groups, believed to be backed by North Korea, conducted extensive cyberattacks over the course of a year, prompting warnings from the Korean National Police Agency for increased security measures in the industry. South Korea’s defense industry plays a significant role in the global arms trade, with contracts for various weapons platforms including fighter jets and naval vessels. The cyber theft occurred amidst heightened tensions between the two Koreas, with North Korea conducting ballistic missile tests and advancing its nuclear weapons program.
The cyberattacks targeted specific defense firms, although they were not named in the report. The South Korean authorities were able to trace the attacks to IP addresses associated with three known hacking organizations—Lazarus Group, Kimsuky, and Andariel. In one operation, hackers infiltrated a company’s intranet by infecting it with malware through the public network while the security program was temporarily down during a network test. The police confirmed that sensitive data had been stolen from six computers and transferred to cloud servers located overseas. Efforts were made to reach out to the North Korean embassy in Beijing for comment on the matter.
One cyber operation that began in November 2022 involved hackers exploiting the use of identical passwords for both private and company email accounts by employees of a server maintenance company. As a result, the hackers were able to gain access to a defense contractor’s system and extract valuable data. The police agency emphasized the need for enhanced security measures to prevent future cyberattacks targeting defense technology, including measures such as two-factor authentication, network segregation, and regular password changes. The U.S. Office of the Director of National Intelligence highlighted North Korea’s cyber capabilities in its 2024 threat assessment report, warning of the country’s sophisticated cyber espionage and attack capabilities.
North Korea’s cyber program is seen as a significant threat, with the country using its cyber capabilities for espionage, cybercrime, and potential attacks against various targets, including the United States and South Korea. The country’s cyber forces have evolved and are capable of achieving strategic objectives through cyber operations. In addition to targeting defense technology, North Korea is also using its cyber capabilities to engage in activities such as laundering stolen cryptocurrency and deploying IT workers abroad to earn additional funds. As tensions continue to simmer between North and South Korea, the issue of cybersecurity and defending against cyberattacks remains a top priority for both countries.
In light of these cyber threats, South Korean authorities are urging defense companies and their suppliers to strengthen security measures and vigilance against potential cyberattacks from North Korea. The ongoing cyber espionage activities by North Korea highlight the need for enhanced cybersecurity measures not only in the defense industry but across various sectors. As North Korea’s cyber forces continue to evolve and pose a growing threat, efforts to bolster cybersecurity defenses and mitigate the risk of cyberattacks are essential to safeguarding sensitive data and national security interests.
