North Korean Hackers Target South Korean Defense Firms

April 23, 2024




Three key hacking groups from North Korea have infiltrated about 10 South Korean defence firms over the past one and a half years in a concerted attempt to steal defence technologies, the National Police Agency (NPA) said Tuesday. The police agency disclosed the results following an investigation conducted with the national cyber crisis management team into cyber threats shared by related government organisations. It marks the first confirmed concerted hacking attack launched by the three notorious North Korean hacking groups — Lazarus, Andariel and Kimsuky — with the aim of stealing defence technologies from South Korean firms, the NPA said.


The Recent Cyber Attack on South Korean Defense Firms

The National Police Agency (NPA) has reported that three key hacking groups from North Korea infiltrated approximately 10 South Korean defense firms over the past one and a half years. The groups, identified as Lazarus, Andariel, and Kimsuky, engaged in a concerted effort to steal sensitive defense technologies from these firms.

Specific Details of the Cyber Attacks


Lazarus gained access to an external computer server of a targeted defense firm in November 2022. The group implanted malicious code, seized control of the firm’s intranet, and transferred crucial data from six internal computers to an overseas cloud server. Andariel has been stealing defense technology data since October 2022 by illicitly obtaining email and password information from a separate firm responsible for remote maintenance and repair work. Kimsuky accessed email servers of another defense technology firm and downloaded technology data between April and July last year.

Tracing the Cyber Attacks

By analysing IP addresses, attack methods, and malicious code such as Nukesped and Tiger RAT, the police were able to trace the attacks back to the North Korean hacking groups. Some IP addresses were linked to China’s Shenyang and were previously used in the 2014 hacking attack on the South Korean hydro power agency. The attacks were ongoing for one and a half years until recently, making it challenging to determine the exact timeframe and extent of the damage.

Repercussions and Investigation

The affected defense firms were unaware of the cyber attacks until the police investigation uncovered the breaches. The Defence Ministry and the Defense Acquisition Program Administration are now tasked with examining the extent of the damage caused. The leaked technologies remain undisclosed due to confidentiality concerns, but it is believed that the hacking attack may have been orchestrated under the directives of North Korean leader Kim Jong-un.

Speculations and Insights

The NPA speculates that Kimsuky, Lazarus, and Andariel, which previously had distinct roles in cyber attacks, collaborated to launch comprehensive attacks on South Korean defense firms. This coordinated effort underscores the growing cyber threats faced by government organizations and corporations worldwide.