South Korean defence firms ‘hacked by North’

Groups linked to Pyongyang intelligence exploited subcontractors' security lapses, say police

A K2 Black Panther tank manufactured by Hyundai Rotem is displayed at the Seoul International Aerospace & Defence Exhibition in the South Korean capital in October 2021. (Reuters File Photo)

SEOUL - Major North Korean hacking groups have mounted “all-out” cyber attacks against South Korean defence companies for more than a year, breaching the firms’ internal networks and stealing technical data, South Korean police said on Tuesday.

Hacking teams linked to North Korean intelligence and known as Lazarus, Kimsuky and Andariel planted malicious code in the data systems of the defence companies either directly or through contractors working with them, the police said.

The police, working with a team of experts from the national spy agency and the private sector, traced the hacks to the groups, identifying them by the source IP addresses, the rerouting architecture of the signals and the signatures of the malware used, the police said.

In one case that began in November 2022, the hackers planted code in a company’s public network, which then infected its intranet when the security program protecting the internal system was temporarily disengaged for a network test, the police said.

The hackers also took advantage of a simple security lapse by employees at subcontractors, who used the same passwords for their private and official email accounts, and so breached defence company networks and extracted confidential technical data.

The police did not name the companies that have been hacked or the nature of the data breached.

South Korea has emerged as a major global defence exporter, with contracts signed in recent years to sell mechanised howitzers, tanks and fighter jets valued at billions of dollars.

North Korean hacking groups have infiltrated the systems of South Korean financial institutions and news outlets, foreign defence companies, and, in a major security breach in 2014, South Korea’s nuclear power operator.

North Korean hackers are believed to be behind major cryptocurrency thefts, with the stolen funds being channelled to its weapons programmes.

North Korea denies involvement in hacking operations or crypto heists.
