Authorities Warn Of North Korean Attackers Stealing Military Technologies

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer


Threat actors target military technologies to gain a strategic advantage, access classified information, and compromise national security. 

Recently, Germany’s BfV and South Korea’s NIS and CSA issued a second advisory on North Korean cyber actors targeting defense sector firms and research centers.

The advisory notes that the DPRK (Democratic People’s Republic of Korea) has been prioritising military strength and is stealing advanced defense technology from organisations worldwide to get there.

North Korean Attackers Stealing Military Technologies

This report exposes DPRK’s cyber tactics and attributes intrusions to LAZARUS and another North Korean group. 

The report highlights the group’s activity against both the defense and financial sectors. LAZARUS is a notorious actor engaged in spear phishing, financial heists, and cyber espionage, and it poses a global threat.


Successful attacks on defense sectors enable the DPRK to strengthen its military capabilities by acquiring sensitive data.

The advisory describes two cases:

  • First case – A malicious campaign targets a defense research center using specific tactics

In late 2022, a North Korean cyber actor breached a maritime research center’s systems via a supply-chain attack and then extended its control over the network by abusing the center’s patch management system (PMS).

The actor stole account data and email contents. The advisory maps each step of the intrusion to MITRE ATT&CK to document the attack flow.

This intrusion predates the DPRK’s public emphasis on naval power, which was marked by the construction of a new submarine in September 2023.

Supply chain attack flow (Source – Verfassungsschutz)

  • Second case – LAZARUS uses social engineering against defense companies in a distinctive procedure

The second case shows the LAZARUS group’s well-developed social engineering tradecraft, which the DPRK has used since mid-2020 to infiltrate defense companies.

The campaign has been dubbed “Operation Dream Job”: targeted employees receive fake job offers that carry malicious files.

LAZARUS has been running this type of attack against the defense sector for over three years, and it remains a threat to both the targeted companies and global security.

Social engineering attack flow (Source – Verfassungsschutz)

Mitigations

The mitigations recommended in the advisory are:

  • Limit remote maintenance access to the systems that actually need it.
  • Authenticate users before granting them permissions.
  • Store and retain audit logs.
  • Review audit logs regularly for anomalous access.
  • Enforce proper user authentication procedures in the patch management system (PMS).
  • Verify update packages at the final stage of distribution to prevent supply chain attacks.
  • Use TLS on all websites to prevent data breaches.
  • Protect critical data.
  • Require multi-factor authentication for remote work over VPN.
  • Protect OTP authentication keys from disclosure.
  • Educate personnel about common social engineering tactics.
  • Encourage reporting of security incidents.
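The PMS and “verify at the final stage of distribution” items above are the ones that would have blocked the first case, where the actor spread through a compromised patch management system. The following is an added example written for this page, not code from the advisory or from any vendor’s product: the build side signs a manifest carrying the artifact’s SHA-256 with an Ed25519 build key, and the distribution gate verifies that manifest against a pinned public key before recomputing the artifact digest. The package name, version, manifest layout and payload bytes are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the release metadata the build system signs.
// The field set is hypothetical; any canonical, signed description of the artifact works.
type Manifest struct {
	Package string `json:"package"`
	Version string `json:"version"`
	SHA256  string `json:"sha256"`
}

// SignedRelease is what travels from the build system to the patch management system.
type SignedRelease struct {
	Artifact  []byte // the update binary itself
	Manifest  []byte // the exact JSON bytes that were signed (re-encoding could break the signature)
	Signature []byte // Ed25519 signature over Manifest
}

var (
	ErrBadSignature   = errors.New("manifest signature does not verify against the pinned build key")
	ErrDigestMismatch = errors.New("artifact digest does not match the signed manifest")
)

// BuildRelease runs on the build side: hash the artifact, describe it in a manifest, sign the manifest.
func BuildRelease(priv ed25519.PrivateKey, pkg, version string, artifact []byte) (SignedRelease, error) {
	sum := sha256.Sum256(artifact)
	body, err := json.Marshal(Manifest{Package: pkg, Version: version, SHA256: hex.EncodeToString(sum[:])})
	if err != nil {
		return SignedRelease{}, err
	}
	return SignedRelease{Artifact: artifact, Manifest: body, Signature: ed25519.Sign(priv, body)}, nil
}

// VerifyBeforeDistribution is the gate at the final stage of distribution. The signature is checked
// before the manifest is parsed, so unsigned or re-signed metadata is never trusted, and the artifact
// digest is recomputed so a swapped binary behind a valid manifest is also rejected.
func VerifyBeforeDistribution(pinned ed25519.PublicKey, r SignedRelease) (Manifest, error) {
	if !ed25519.Verify(pinned, r.Manifest, r.Signature) {
		return Manifest{}, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(r.Manifest, &m); err != nil {
		return Manifest{}, err
	}
	sum := sha256.Sum256(r.Artifact)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return Manifest{}, ErrDigestMismatch
	}
	return m, nil
}

func main() {
	// Constructed demo: in practice the build key lives in an HSM or signing service and only
	// the public half is pinned in the PMS.
	buildPub, buildPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	good, _ := BuildRelease(buildPriv, "endpoint-agent", "1.2.3", []byte("constructed update payload"))

	m, err := VerifyBeforeDistribution(buildPub, good)
	fmt.Println("genuine release:", m.Package, m.Version, err)

	// An attacker who controls the PMS swaps the binary but cannot re-sign the manifest.
	swapped := good
	swapped.Artifact = []byte("constructed malicious payload")
	_, err = VerifyBeforeDistribution(buildPub, swapped)
	fmt.Println("swapped artifact:", err)

	// An attacker with their own key re-signs everything; the pinned key still rejects it.
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	forged, _ := BuildRelease(attackerPriv, "endpoint-agent", "1.2.4", []byte("constructed malicious payload"))
	_, err = VerifyBeforeDistribution(buildPub, forged)
	fmt.Println("re-signed by attacker:", err)
}
```

A digest check on its own would not have helped here: an actor who controls the PMS can update the stored hash alongside the binary. What makes the gate effective is that the hash is inside a manifest signed by a key the PMS does not hold, and that the public key is pinned on the verifying side rather than fetched from the same channel as the update.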
