Phishing for secrets: Russian cyber experts believe defense industry is being attacked by North Korea

19 Oct, 2020 10:34

By Jonny Tickle

A hacker group from North Korea has been attacking Russian military and industrial organizations by sending fraudulent emails, according to cybersecurity experts, who believe that Pyongyang is beginning to cast its net wider.

This may come as a surprise to some, as Russia is one of very few countries with no hostility towards Pyongyang, which has very few allies on the world stage.

Speaking to Moscow daily Kommersant, experts explained that hacker group Kimsuky had attempted to collect confidential information from aerospace and defense companies through phishing attacks.

In a phishing attack, typically carried out via email, the hackers attempt to create an official-looking message, normally appearing to come from the target's employer, with the goal of encouraging the user to enter their login and password, thereby handing the information to the sender. The details could then be used to read the worker's emails, potentially compromising secrets.

According to Anastasia Tikhonova, head of the complex threat research department at Group-IB, Kimsuky was initially focused on South Korean targets but has since broadened the scope of its operation. In recent times, the group has also attacked military industry companies in Ukraine, Slovakia, and Turkey.

Also speaking to Kommersant, Denis Legezo, a cybersecurity expert at Russian software company Kaspersky Lab, explained that North Korean hackers appear to have switched targets away from politics and commerce, instead moving towards industrial espionage. In particular, recent phishing attacks have taken the form of an email about current aerospace and defense industry vacancies.

Kimsuky has previously made headlines for its operations in South Korea. In March 2015, Seoul accused Pyongyang of being responsible for the 2014 attacks on the Korea Hydro and Nuclear Power Co Ltd, which runs the country's 23 nuclear reactors. Earlier this year, the US government sought to seize hundreds of cryptocurrency accounts that were accused of being part of a North Korean plot to steal millions of dollars from crypto exchanges.
