Intelligence agencies from South Korea and Germany jointly issued a security advisory concerning cyber threats from North Korea, primarily regarding the theft of advanced defense technology. This marks the second occasion that the two countries have issued a joint cybersecurity statement against cyberattacks attributed to the Pyongyang regime.
On February 19, the National Intelligence Service (NIS) of South Korea and the Federal Office for the Protection of the Constitution (BfV) of Germany issued a joint cybersecurity advisory. This advisory calls for heightened security awareness in response to ongoing cyber campaigns originating from North Korea.
The two agencies disclosed details about the tactics, techniques, and procedures (TTPs)—a term commonly used among cybersecurity experts—and indicators of compromise (IoCs) utilized by Pyongyang’s threat actors.
The statement also highlighted two representative incidents. In the first case, it was revealed that North Korean hackers had exploited a website maintenance vendor to infiltrate a defense research center at the end of 2022. This incident is an example of a supply chain attack, where threat actors target and exploit the most vulnerable element within the software supply chain of their intended victim to gain unauthorized access.
In the second case, the statement showcased the “distinctive skills in social engineering” of the Lazarus group, whose ultimate objective, it is believed, is to serve the national interests of North Korea. According to the advisory, Lazarus operatives created counterfeit profiles on the social networking service LinkedIn, posing as recruiters. They reached out to employees within the defense industry. Once they had established mutual trust, these operatives guided their targets to other online platforms, such as WhatsApp and Telegram, to continue their discussions. Subsequently, they enticed the targets to download files that contained malicious features.
In their announcement, the BfV stated, “The BfV and NIS assess that the [North Korean] regime is utilizing military technologies to modernize and enhance the capabilities of conventional weapons and to develop new strategic weapon systems, including reconnaissance satellites and submarines. The DPRK increasingly resorts to cyber espionage as a cost-effective method to acquire military technologies.”
In its press release, the NIS emphasized the significance of the latest joint advisory. “The joint cybersecurity advisory issued by both agencies demonstrates our firm stance against tolerating the technology theft operations North Korea is conducting on a global scale,” stated the NIS.
The initial joint advisory, released in March of the previous year, focused on the North Korean state-sponsored hacking group Kimsuky. It disclosed that Kimsuky had been intercepting emails to and from Google users by exploiting the Chromium extension program, an open-source web browser project predominantly developed by Google.