North Korean hackers 'ScarCruft' breached Russian missile maker
The North Korean state-sponsored hacking group ScarCruft has been linked to a cyberattack on the IT infrastructure and email server of NPO Mashinostroyeniya, a Russian space rocket designer and intercontinental ballistic missile engineering organization.
Today, SentinelLabs reported that ScarCruft is behind a hack of NPO Mashinostroyeniya's email server and IT systems, where the threat actors planted a Windows backdoor named 'OpenCarrot' for remote access to the network.
OpenCarrot is a feature-rich backdoor malware previously linked to another North Korean hacking group, the Lazarus Group.
While it is not clear if this was a joint operation between ScarCruft and Lazarus, it is not uncommon for North Korean hackers to utilize tools and tactics that overlap with other state-sponsored threat actors in the country.