North Korean Hackers Targets Russian Missile Engineering Firm

Two different North Korean nation-state actors have been linked to a cyber intrusion against the major Russian missile engineering company NPO Mashinostroyeniya.
Cybersecurity firm SentinelOne said it identified "two instances of North Korea related compromise of sensitive internal IT infrastructure," including a case of an email server compromise and the deployment of a Windows backdoor dubbed OpenCarrot.
While both ScarCruft and the Lazarus Group are affiliated with North Korea, it's worth noting that the former is overseen by the Ministry of State Security.
The development marks a rare convergence where two North Korea-based independent threat activity clusters have targeted the same entity, indicating a "highly desirable strategic espionage mission" that could benefit its controversial missile program.
The exact method used to breach the email server remains unknown, although the group is known to rely on social engineering to phish victims and deliver backdoors like RokRat.
"This incident stands as a compelling illustration of North Korea's proactive measures to covertly advance their missile development objectives, as evidenced by their direct compromise of a Russian Defense-Industrial Base organization," the researchers said.
News URL
https://thehackernews.com/2023/08/north-korean-hackers-targets-russian.html