Security News > 2023 > August > North Korean hackers had access to Russian missile maker for months, say researchers
Two North Korean hacker groups had access to the internal systems of Russian missile and satellite developer NPO Mashinostoyeniya for five to six months, cyber security firm SentinelOne asserted on Monday.
The attack illustrates potential North Korean efforts to advance development of missile and other military tech via cyber espionage.
"Our findings identify two instances of North Korea-related compromise of sensitive internal IT infrastructure within this same Russian defense industrial base organization, including a specific email server, alongside use of a Windows backdoor dubbed OpenCarrot," said the cyber security researchers.
The rocket maker detected the intrusion in May 2022, when staffers noted unusual communications between specific processes and unknown external infrastructure.
During those months between intrusion and detection, the hackers could read email, move between networks, and extract data.
Relations between Russia and the DPRK have generally been seen as cooperative.
News URL
Related news
- Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware (source)
- Russian hackers target German political parties with WineLoader malware (source)
- Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties (source)
- Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws (source)
- Russian Sandworm hackers pose as hacktivists in water utility breaches (source)
- Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (source)
- Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers (source)
- Russian Sandworm hackers targeted 20 critical orgs in Ukraine (source)
- Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) (source)
- NSA warns of North Korean hackers exploiting weak DMARC email policies (source)