Security News > 2023 > September > Microsoft: North Korean hackers target Russian govt, defense orgs
Microsoft says North Korean hacking groups have breached multiple Russian government and defense targets since the start of the year.
"Multiple North Korean threat actors have recently targeted the Russian government and defense industry - likely for intelligence collection - while simultaneously providing material support for Russia in its war on Ukraine," said Clint Watts, the head of Microsoft's Digital Threat Analysis Center.
"From November 2022 to January 2023, Microsoft observed a second instance of targeting overlaps, with Ruby Sleet and Diamond Sleet compromising defense firms," Microsoft said.
Microsoft's report follows one published by SentinelLabs last month linking the APT37 North Korean state-backed hacking group to the breach of Russian missile maker NPO Mashinostroyeniya.
The OpenCarrot backdoor deployed by APT37 on the systems of the Russian defense entity was previously linked to another North Korean threat group, the Lazarus Group.
North Korean hackers 'ScarCruft' breached Russian missile maker.
News URL
Related news
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts (source)
- North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures (source)
- France ties Russian APT28 hackers to 12 cyberattacks on French orgs (source)
- Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware (source)
- North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress (source)
- Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own (source)