Security News > 2023 > August > North Korean Hackers Targets Russian Missile Engineering Firm
Two different North Korean nation-state actors have been linked to a cyber intrusion against the major Russian missile engineering company NPO Mashinostroyeniya.
Cybersecurity firm SentinelOne said it identified "Two instances of North Korea related compromise of sensitive internal IT infrastructure," including a case of an email server compromise and the deployment of a Windows backdoor dubbed OpenCarrot.
While both ScarCruft and the Lazarus Group are affiliated to North Korea, it's worth noting that the former is overseen by the Ministry of State Security.
The development marks a rare convergence where two North Korea-based independent threat activity clusters have targeted the same entity, indicating a "Highly desirable strategic espionage mission" that could benefit its controversial missile program.
The exact method used to breach the email server remains unknown, although the group is known to rely on social engineering to phish victims and deliver backdoors like RokRat.
"This incident stands as a compelling illustration of North Korea's proactive measures to covertly advance their missile development objectives, as evidenced by their direct compromise of a Russian Defense-Industrial Base organization," the researchers said.
News URL
https://thehackernews.com/2023/08/north-korean-hackers-targets-russian.html
Related news
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Russian hackers deliver malicious RDP configuration files to thousands (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)