Go to contents

N. Korea launches cyberattacks on S. Korea's defense companies

N. Korea launches cyberattacks on S. Korea's defense companies

Posted April. 24, 2024 08:04,   

Updated April. 24, 2024 08:04


Recent revelations indicate that a South Korean defense technology company responsible for manufacturing crucial components for the country's military systems, such as armored vehicles, missiles, and radar, fell victim to extensive cyber extortion by North Korea between January and March 2024. Despite not being a large-scale entity, this company's strategic significance warrants serious concern from the government. An authoritative figure within the government highlighted that North Korea, historically focused on major defense corporations in its hacking operations, has now broadened its scope to include smaller to mid-sized defense contractors possessing critical defense technologies. Critics argue that these smaller firms are particularly vulnerable to cyberattacks.

Government sources disclosed on Tuesday that North Korea managed to extract several years' worth of component-related data by deploying malicious codes within this targeted company's system. While investigating the cyber intrusion, intelligence agencies and law enforcement agencies detected telltale signs pointing to North Korea's involvement. To combat this threat, the National Intelligence Service, the National Security Office, the Prosecutor's Office, the National Police Agency, and private sector experts have unified efforts through the National Cyber Threat Committee to share intelligence and conduct a comprehensive investigation.

The affected company, known for supplying cables used in major military weapon systems to leading domestic defense contractors, has played a pivotal role in South Korea's indigenous defense projects, such as the Cheonmoo multi-stage rocket and the Cheongung mid-tier altitude missile defense system.

Furthermore, it was confirmed that North Korea had pilfered defense-related data from over a dozen South Korean defense companies between October 2022 and July 2023. The National Police Agency's national investigation headquarters identified North Korean intelligence entities such as Lazarus, Kimsuky, and Andariel as the perpetrators behind these cyber intrusions, disclosing further details on related cyberattacks. "This marks the first instance where multiple North Korean hacking groups collaborated in a synchronized effort to steal South Korea's defense technology,” a source familiar with the matter from the National Police Agency said.

In response to this escalating cyber threat, the United States has reportedly elevated its cyber threat assessment of North Korea and is deploying additional dedicated monitoring resources. "Designating North Korea as a cybercrime concern signifies heightened vigilance and a more assertive approach by the U.S. government toward monitoring and countering North Korea's cyber espionage activities,” a South Korean government source emphasized.

Jin-Woo Shin niceshin@donga.com