Multiple North Korean state-sponsored hacking groups have been attacking South Korean defense companies for more than a year, stealing login credentials and sensitive data.
A Reuters report, citing South Korea’s law enforcement, claims three major threat actors – Lazarus, Kimsuky, and Andariel, have been going after defense organizations and third-party contractors, planting malicious code in data systems, pulling out passwords and technical information.
The police managed to identify the attackers by tracking their source IP addresses, re-routing architecture of the signals, and the malware signatures.
Lazarus attacks again
The report did not state which organizations were targeted, or what the nature of the data was, but Reuters did hint that South Korea grew into a “major global defense exporter”, with fresh contracts to sell mechanized howitzers, tanks, and fighter jets. The deals were reportedly valued at billions of dollars.
While all three of these threat actors have made headlines before, Lazarus Group is probably the most infamous one. This group was observed targeting cryptocurrency businesses in the west, stealing millions of dollars in crypto tokens, with which the North Korean government apparently finances its nuclear weapons programs.
The biggest crypto heist to happen to this day is the April 2022 breach at the Ronin network, which resulted in the theft of $625 million in various cryptocurrencies. Ronin network is a cryptocurrency bridge developed by the same company behind the hugely popular blockchain-based game, Axie Infinity.
A bridge is a service that allows users to transfer crypto tokens from one network to another.
Besides Ronin, Lazarus Group was also confirmed to be behind the Harmony bridge attack, which happened in June 2022, and resulted in the theft of $100 million.