BleepingComputer reports that Russian ballistic missile and space rocket designer and manufacturer NPO Mashinostroyeniya had its IT systems and email server compromised by North Korean state-backed hacking group ScarCruft, also known as APT37.
According to a SentinelLabs report, further investigation into a leaked NPO Mashinostroyeniya email, which indicated a possible cyber incident involving the deployment of a malicious DLL on its systems in May, showed that the missile maker had been impacted by the OpenCarrot backdoor malware.
OpenCarrot, which has been associated with North Korean threat operation Lazarus Group, not only enables the execution of reconnaissance, filesystem and process manipulation, and reconfiguration and connectivity commands, but also allows monitoring of new USB drives that could be leveraged for lateral movement.
Suspicious traffic from NPO Mashinostroyeniya's Linux email server connecting to the attackers' infrastructure was also discovered. North Korea may also have deliberately engaged both ScarCruft and Lazarus Group to ensure a successful intrusion, researchers said.