N.Korean hackers attack South’s arms makers for tech data

North Korean hackers allegedly attacked South Korean arms manufacturers and stole some of their technical data for more than a year, Seoul’s police said on Tuesday, raising the alarm for the South’s national security.

North Korea’s three largest hacking groups, Lazarus, Kimsuky and Andariel, carried out cyberattacks on 83 defense contractors in the South and took confidential information from about 10 of them from October 2022 to July 2023, according to the National Office of Investigation under the police agency.

None of the defense companies were aware of the attacks before the police launched the investigation, heightening concerns over security across the industry.

North Korean leader Kim Jong Un may have been behind the infiltration, as it was the first time those three hacking teams linked to Pyongyang’s intelligence apparatus had mounted “all-out” cyber heists, although an individual group had attempted to steal certain technology before, the police said.

“North Korea is expected to continue cyberattacks to steal defense technology,” said an official at the South Korean investigation office. “We will make efforts to strengthen the security of the defense industry with the DAPA,” the official added, referring to Seoul’s arms procurement agency, the Defense Acquisition Program Administration.

INCREASINGLY SIMILAR

The police investigated South Korean defense contractors with the DAPA and the spy agency National Intelligence Service (NIS) for a month from Jan. 15 while taking measures such as blocking overseas Internet Protocol (IP) addresses and separating internal and external networks to prevent further damage.

The authorities have yet to disclose details of the damage, such as the names of the companies hit by the cyberattacks and what information on specific weapon systems was leaked, considering the impact on national security and the local defense industry.

South Korea is home to major defense makers such as Korea Aerospace Industries Ltd. (KAI), Hanwha Aerospace Co., LIG Nex1 Co. and Hyundai Rotem Co.

National security is likely to be at risk if core weapon designs developed and produced in the country were leaked, industry sources said.

“North Korean arms are getting increasingly similar to those of the South. The shape of the KN-23, the North’s surface-to-surface missile recently identified, is pretty similar to the Hyunmoo-4, our ballistic missile,” said one of the sources in Seoul.

“It will be a huge hit if data on missiles and unmanned aerial vehicles was leaked.”

TOP THREE HACKING GROUPS

The South Korean police said the hackers’ methods were consistent with those of North Korean groups such as Lazarus, Kimsuky and Andariel, citing the IP addresses the cyberattacks came from, the malicious code used and the way the servers were set up.

The national security authorities in Seoul assess that North Korea’s cyberattack capabilities are among the world’s top 10 in general and the best in the financial and cryptocurrency sectors.

“North Korea is trying to seek anything necessary through cyberattacks, even attempting to hack Russian companies,” said an NIS official.

The Lazarus Group, which operates under a North Korean intelligence agency, stole $81 million from Bangladesh’s central bank in 2016. Andariel disrupted computer networks across South Korea in 2013, while Kimsuky reportedly made several attempts to attack KAI and the Korea Atomic Energy Research Institute.

Those hacking groups hacked a South Korean shipbuilder for drawings and design data last August and September. They were also known to have seized some information on the latest 3,000-ton submarine and the KF-21, the country’s first homegrown supersonic jet fighter.

POOR SECURITY SYSTEMS

The hackers targeted the vulnerable security systems of South Korean defense makers.

The attackers seized the companies’ internal networks through network connections that had been opened for tests, then transferred important information to overseas cloud servers. They also stole technology data by exploiting a loophole: some defense contractors’ employees used the same ID and password for portal sites as for their corporate access accounts.

South Korean defense makers have already been in trouble due to poor security systems. The KF-21’s technology was allegedly leaked to Indonesia, South Korea’s partner for the jet’s development, while Taiwan was suspected of taking the technology of a submarine developed by Daewoo Shipbuilding & Marine Engineering Co., currently Hanwha Ocean Co.

An employee of a South Korean defense company lost his laptop about five years ago while abroad on a business trip, industry sources said. Engineers at a major arms manufacturer saved data in their personal email accounts for convenience after the company separated its internal and external networks, according to the sources.

“If members of defense and related companies do not comply with security rules because they are annoying, that will pose a huge threat to national security,” said Shin Jong-woo, secretary general of the Korea Defence and Security Forum (KODEF).

Write to Cheol-Oh Cho and Dong-Hyun Kim at cheol@hankyung.com

Jongwoo Cheon edited this article.