Warning Against Defense Industry Cyber Attacks
South Korea and Germany’s intelligence agencies have jointly issued a cybersecurity advisory to prevent damage from North Korea’s cyber attacks on the defense industry.
According to the National Intelligence Service on the 20th, the joint advisory introduces the attackers and their actual attack methods, analyzing the Tactics, Techniques, and Procedures (TTPs) of two representative cases of North Korean hacking against the defense sector.
A North Korean hacking organization infiltrated institutions researching maritime and shipbuilding technology by the end of 2022. Rather than directly infiltrating defense agencies, they first hacked maintenance companies with weak security, stole server account information, and used it to illegally infiltrate the institutions' servers, attempting to distribute malware to all employees. However, when the malware was detected before distribution, the hacking organization attempted additional attacks, such as sending spear-phishing emails to employees.
The National Intelligence Service stated, “The North Korean hacking organization took advantage of situations where remote maintenance was allowed due to COVID-19 and attempted to infiltrate internal servers using maintenance companies,” and advised, “When remote maintenance of a cooperative company is needed in national and public institutions, please refer to Article 26 of the National Information Security Guidelines (Security of Service Companies).”
Additionally, the North Korean hacking organization Lazarus has been using social engineering attack methods to infiltrate defense companies since mid-2020. Lazarus first joined platforms like LinkedIn disguised as a hiring manager, approached defense company employees, and focused on building familiarity by sharing seemingly innocuous conversations. They then lured targets to other SNS platforms like WhatsApp and Telegram under the guise of job consultation and installed malware through job offer PDFs.
Both agencies assessed that North Korea is focusing on stealing advanced defense technology worldwide, placing military strength enhancement as a regime priority, and utilizing the stolen technology to develop strategic weapons such as reconnaissance satellites and submarines. To prevent North Korea’s social engineering hacking attacks, they emphasized establishing an open culture where employees can easily report suspicious situations, along with education based on actual cases.
This joint advisory is the second, following the one issued in March last year on the Kimsuky hacking organization’s abuse of Google services. The National Intelligence Service stated that it serves as a warning to North Korea, which is stealing advanced defense technology worldwide and exploiting it for weapon development.
A National Intelligence Service official stated, “The issuance of a security advisory with the German Federal Intelligence Service shows the determination of both countries not to ignore North Korea’s worldwide theft of defense technology,” and added, “Both countries will continue to collaborate more to respond to various cyber threats from North Korea, including the defense sector, and create a safer cyberspace.”