By Jack Kim
SEOUL (Reuters) – Major North Korean hacking groups have mounted “all-out” cyber attacks against South Korean defence companies for more than a year, breaching the firms’ internal networks and stealing technical data, South Korea’s police said on Tuesday.
Hacking teams linked to North Korea’s intelligence apparatus and known as Lazarus, Kimsuky and Andariel planted malicious codes in data systems of the defence companies either directly or through contractors working with them, the police said.
The police, working with a team of national spy agency and private sector experts, traced the hacks to the groups, identifying them by the source IP addresses, the re-routing architecture of the signals and the signatures of the malwares used, it said.
In a case that began in November 2022, the hackers planted a code in the company’s public network which then infected its intranet when the security program protecting the internal system was temporarily disengaged for a network test, it said.
The hackers also took advantage of the simple security lapse by employees at subcontractors who used the same passcodes for their private and official email accounts, breaching defence company networks and extracting confidential technical data.
The police did not name the companies that have been hacked or the nature of the data breached.
South Korea has emerged as a major global defence exporter, with contracts signed in recent years to sell mechanised howitzers, tanks and fighter jets valued at billions of dollars.
North Korean hacking groups have infiltrated the systems of South Korean financial institutions and news outlets, foreign defence companies, and, in a major security breach in 2014, into South Korea’s nuclear power operator.
North Korean hackers are believed to be behind major cryptocurrency thefts, with the stolen funds being channelled to its weapons programmes.
North Korea denies involvement in hacking operations or crypto heists.
(Reporting by Jack Kim; Editing by Lincoln Feast.)