According to cybersecurity experts based in the United States, North Korean hackers have launched cyberattacks against Russia’s defense sector, successfully infiltrating the country’s aerospace institute earlier this year.
In a report released on Thursday, Microsoft’s Threat Analysis Center (MTAC) revealed that North Korean state-sponsored hackers successfully infiltrated a Russian aerospace research institute last March. The cybercriminals also compromised a device belonging to a Russian university. During the same timeframe, these rogue actors aimed their sights at government officials, dispatching phishing emails to Russian diplomats.
Titled “Sophistication, scope, and scale: Digital threats from East Asia increase in breadth and effectiveness,” the report suggests that the primary aim of these cyber activities is intelligence gathering. The document posits that as the Russian government is preoccupied with its ongoing war in Ukraine, North Korean threat actors are possibly “capitalizing on the opportunity” to collect valuable information.
Furthermore, the MTAC emphasized that these illicit cyber operations were taking place while North Korea was providing military support for Russia in its invasion of Ukraine. Last December, the White House claimed that North Korea had shipped rockets and missiles to Russia for use by the Wagner Group, a private Russian military company. Although North Korea vehemently denied the allegations, White House National Security Council spokesperson John Kirby provided visual evidence to back their claims in a press briefing earlier this year.
In the meantime, North Korean hackers have most frequently targeted defense industries in Russia, South Korea, Germany, and Israel between March of last year and March of this year. The MTAC found that these state-sponsored cyber-attackers infiltrated two arms manufacturers in Germany and Israel from November 2022 to January 2023, with the intent of gathering intelligence that could be used to bolster North Korea’s military capabilities. Additionally, the hackers have compromised defense firms in Brazil, Czechia, Finland, Italy, Norway, and Poland since the beginning of this year. “In the near term, North Korea is to remain focused on targets related to its political, economic, and defense interests in the region,” the MTAC noted in the report.
