Law enforcement officials in South Korea have disclosed that state-funded North Korean hacker organizations have been persistently carrying out cyber espionage operations against the nation’s defense firms.

According to the notification, the attackers gained access to networks by exploiting weaknesses in the environments of the targets or their subcontractors, then implanted malware that could extract data.

Identified Threat Actors

Investigators have attributed the attacks to three well-known North Korean hacking groups with ties to the regime’s intelligence apparatus:

  • Lazarus: A highly sophisticated group notorious for cyberattacks against financial institutions and cryptocurrency exchanges.
  • Kimsuky: Known for its focus on political and military intelligence gathering within South Korea.
  • Andariel: A group with a history of targeting South Korean infrastructure and government organizations.

The Korean police recommend that both defense companies and their subcontractors improve network security segmentation, reset passwords periodically, set up two-factor authentication on all critical accounts, and block access from foreign IP addresses.
