Elite North Korean hackers 'break into Putin's top secret missile systems'

Two important groups from North Korea could actually be targeting Vladimir Putin's missiles from cyberspace. (Image: POOL/AFP via Getty Images)

North Korean hackers have reportedly targeted top secret Russian missile systems.

Despite seeming to be one of Russia's strongest allies, two important groups from North Korea could actually be hacking into Vladimir Putin's missiles from cyberspace.

Pyongyang recently showed off its arsenal to Russian officials, but this latest development suggests an attempt to steal information about Russia's missiles, cybersecurity firm SentinelOne says.

SentinelOne has seen evidence suggesting two North Korean threat actors - ScarCruft and Lazarus - targeted Russian missile maker NPO Mashinostroyeniya (also known as JSC MIC Mashinostroyenia and NPO Mash).

The security firm’s researchers came across leaked emails apparently originating from NPO Mashinostroyeniya, a sanctioned organisation that possesses valuable information on missile technology developed and used by Russia.

It comes after North Korea showed off its missiles to Russian officials. (Image: KCNA VIA KNS/AFP via Getty Images)

The leak appeared accidental and included many emails, some of which discussed a breach detected within the organisation. The attackers managed to intercept emails and steal data. A Windows backdoor named OpenCarrot and infrastructure used in the attack enabled SentinelOne to link the operation to the North Korean state-sponsored hacker groups.

“This engagement establishes connections between two distinct DPRK-affiliated threat actors, suggesting the potential for shared resources, infrastructure, implants, or access to victim networks,” the security firm said. “Moreover, we acknowledge the possibility that the assigned task of an intrusion into NPO Mashinostroyeniya might have warranted targeting by multiple autonomous threat actors due to its perceived significance.”

An elite group of North Korean hackers secretly breached computer networks at a major Russian missile developer for at least five months last year, according to technical evidence reviewed by Reuters and analysis by security researchers.

Thomas Uhlemann, Security Specialist at ESET, said: “Seeing possible links or reuse of tools between two or more state-sponsored threat actors is less of a surprise in this case. Especially in countries like North Korea, no "outside activity" happens without the sanction of the government. It is only natural to try and save costs by sharing proven tactics, techniques, and procedures (TTPs).

"We've analysed both Lazarus and ScarCruft campaigns in the past and have not seen a previous collaboration of both groups, but the targeting of aerospace and military industry, misusing supply-chain and mail servers is typical for NK-aligned actors. The experience gained from these attacks comes in handy, now, of course.

"In this current case ScarCruft seems to be taking advantage of the fact that Russia's focus is on the war in Ukraine and thus security of its own systems in sensitive industries has a lower priority. Due to sanctions put on Russia, it might also be harder for local IT teams to obtain and apply patches and updates for vulnerable systems.”

Hannah Kane
