South Korea and Germany have released a joint advisory on the Democratic People’s Republic of Korea’s (DPRK) increasing cyber espionage against the defense industry.
The warning informed allies of Pyongyang’s latest attempts to exploit sensitive data from advanced military technologies to boost its own weapons programs.
North Korea’s tactics outlined by Berlin and Seoul’s intelligence agencies include cyberattacks on the targets’ internal servers and social engineering campaigns.
Supply Chain Infiltration
The advisory revealed that DPRK cybercriminals were involved in a 2022 supply chain attack against a research center for maritime and shipping technologies.
During this attack, the hackers first infiltrated a supplier responsible for maintaining the facility’s web servers before compromising the center itself.
South Korea and Germany suspect that the cybercriminals took advantage of the research center’s reliance on remote maintenance and repair, which was prevalent in other sectors during the pandemic.
Alongside bypassing security protocols through remote access, the hackers took advantage of a “trustful relationship” between the center and the vendor’s infrastructure.
“The actor used legitimate tools… to download additional malicious files from [command and control] servers such as a tunneling tool for remote access and a script functioning as a downloader,” the German Federal Office for the Protection of the Constitution (BfV) wrote.
“The cyber actor… obtained additional information about the network; and stole account credentials of the target’s employees.”
Fake Job Offers
Meanwhile, the published advisory stated that BfV and South Korea’s National Intelligence Service (NIS) identified a DPRK cyber organization called Lazarus as the entity behind complex social engineering attacks against the defense sector since the 2020s.
According to NIS, the hackers pose as recruiters and offer fake jobs to defense-related workers on online job portals such as LinkedIn.
Lazarus’ modus operandi involves establishing a detailed rapport on selected topics to maintain engagement with targeted individuals, using other messaging applications, recruitment tests, and malware-infected documents to disguise the operation as a legitimate process.
Other coding challenges sent through these job offers trigger a virus that compromises the target’s device and sends a malicious file to grant the group access to the user’s network.
“North Korea’s cyber hacking activities are a low-cost and efficient means of acquiring weapons technology, and they will never give up in the future,” NIS stated.
“The announcement of a security advisory with the German Constitutional Security Service shows that the two countries will not stand by and watch North Korea steal defense technology from all over the world.”