North Korean state-sponsored advanced persistent threat groups Lazarus Group, Kimsuky, and Andariel have targeted several South Korean defense industry entities since late 2022 in a bid to obtain intelligence regarding defense technologies, according to South Korea's National Police Agency, reports Security Affairs.
The Lazarus Group took advantage of vulnerable infrastructure to breach a defense organization in November 2022, which resulted in the compromise of at least six internal computers along with the entity's internal network and sensitive data, while Andariel leveraged account credentials belonging to an employee of a defense contractor's third party to distribute malware that facilitated the theft of technical information regarding defense technology, according to an advisory from the National Police Agency.
Meanwhile, Kimsuky conducted attacks against a defense subcontractor's vulnerable email server from April to July 2023 to facilitate a significant exfiltration of technical data. The expected persistence of North Korean attacks should prompt the implementation of more robust cybersecurity defenses across South Korean defense firms and subcontractors, said the advisory.