Hackers in N. Korea Target Russian Missile Developer!

A sanctioned Russian missile manufacturer appears to have been targeted by 2 important N. Korean hacking groups.

A Russian defence industrial base organisation specialising in missiles & military spacecraft seems to have been targeted by 2 important N. Korean hacking groups.

Superficially, N. Korea has been one of Russia’s strongest allies since the start of the Ukraine war, with the regime recently showing off its missiles to Russian officials.

However, research conducted by cyber-security firm SentinelOne appears to show that N. Korea is actually targeting Russia in cyberspace, likely in an effort to steal information about missiles.

SentinelOne has seen evidence suggesting that 2 N. Korean threat actors, ScarCruft & the notorious Lazarus, targeted Russian missile maker NPO Mashinostroyeniya (also known as JSC MIC Mashinostroyenia & NPO Mash).

The security firm’s researchers came across leaked emails seemingly coming from NPO Mashinostroyeniya, a sanctioned organisation that holds valuable information on missile technology developed & used by Russia.

The leak appeared accidental, & included many emails, some of which discussed a breach detected within the organisation. The attackers managed to intercept emails & steal data.

A Windows ‘backdoor’ called OpenCarrot & infrastructure used in the attack enabled SentinelOne to link the operation to the N. Korean state-sponsored hacker groups.

“This engagement establishes connections between 2 distinct DPRK-affiliated threat actors, suggesting the potential for shared resources, infrastructure, implants, or access to victim networks,” the security firm observed.

It added, “Moreover, we acknowledge the possibility that the assigned task of an intrusion into NPO Mashinostroyeniya might have warranted targeting by multiple autonomous threat actors due to its perceived significance.”

Reuters conducted its own investigation into the NPO Mashinostroyeniya breach & found that the intrusion likely began in late 2021 & was discovered in May 2022.

The leaked emails seem to have come from an employee who was investigating the incident & uploaded some files to VirusTotal or similar.

One expert explained that even if N. Korean hackers managed to steal Russian missile plans, actually reproducing them would take a ‘lot more’ than that.

 
