North Korean hackers 'ScarCruft' breached Russian missile maker (Security News, August 2023)
The North Korean state-sponsored hacking group ScarCruft has been linked to a cyberattack on the IT infrastructure and email server for NPO Mashinostroyeniya, a Russian space rocket designer and intercontinental ballistic missile engineering organization.
Today, SentinelLabs reported that ScarCruft is behind a hack of NPO Mashinostroyeniya's email server and IT systems, where the threat actors planted a Windows backdoor named 'OpenCarrot' for remote access to the network.
OpenCarrot is a feature-rich backdoor malware previously linked to another North Korean hacking group, the Lazarus Group.
While it is not clear if this was a joint operation between ScarCruft and Lazarus, it is not uncommon for North Korean hackers to utilize tools and tactics that overlap with other state-sponsored threat actors in the country.