Security News > 2023 > August > North Korean hackers 'ScarCruft' breached Russian missile maker
The North Korean state-sponsored hacking group ScarCruft has been linked to a cyberattack on the IT infrastructure and email server for NPO Mashinostroyeniya, a Russian space rocket designer and intercontinental ballistic missile engineering organization.
Today, SentinelLabs reported that ScarCruft is behind a hack of NPO Mashinostroyeniya's email server and IT systems, where the threat actors planted a Windows backdoor named 'OpenCarrot' for remote access to the network.
OpenCarrot is a feature-rich backdoor malware previously linked to another North Korean hacking group, the Lazarus Group.
While it is not clear if this was a joint operation between ScarCruft and Lazarus, it is not uncommon for North Korean hackers to utilize tools and tactics that overlap with other state-sponsored threat actors in the country.
Lazarus hackers linked to $60 million Alphapo cryptocurrency heist.
Lazarus hackers hijack Microsoft IIS servers to spread malware.
News URL
Related news
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Russian hackers deliver malicious RDP configuration files to thousands (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)