Cybersecurity News that Matters

Cybersecurity News that Matters

South Korea, Germany jointly warn of North Korea’s defense technology theft

by Dain Oh

Feb. 19, 2024
12:19 PM GMT+9

Intelligence agencies from South Korea and Germany jointly issued a security advisory concerning cyber threats from North Korea, primarily regarding the theft of advanced defense technology. This marks the second occasion that the two countries have issued a joint cybersecurity statement against cyberattacks attributed to the Pyongyang regime.

On February 19, the National Intelligence Service (NIS) of South Korea and the Federal Office for the Protection of the Constitution (BfV) of Germany issued a joint cybersecurity advisory. This advisory calls for heightened security awareness in response to ongoing cyber campaigns originating from North Korea.

The two agencies disclosed details about the tactics, techniques, and procedures (TTPs)—a term commonly used among cybersecurity experts—and indicators of compromise (IoCs) utilized by Pyongyang’s threat actors.

Source: Joint cybersecurity advisory by the National Intelligence Service (NIS) of South Korea and the Federal Office for the Protection of the Constitution (BfV) of Germany

The statement also highlighted two representative incidents. In the first case, it was revealed that North Korean hackers had exploited a website maintenance vendor to infiltrate a defense research center at the end of 2022. This incident is an example of a supply chain attack, where threat actors target and exploit the most vulnerable element within the software supply chain of their intended victim to gain unauthorized access.

In the second case, the statement showcased the “distinctive skills in social engineering” of the Lazarus group, whose ultimate objective, it is believed, is to serve the national interests of North Korea. According to the advisory, Lazarus operatives created counterfeit profiles on the social networking service LinkedIn, posing as recruiters. They reached out to employees within the defense industry. Once they had established mutual trust, these operatives guided their targets to other online platforms, such as WhatsApp and Telegram, to continue their discussions. Subsequently, they enticed the targets to download files that contained malicious features.

Source: Joint cybersecurity advisory by the National Intelligence Service (NIS) of South Korea and the Federal Office for the Protection of the Constitution (BfV) of Germany
Source: Joint cybersecurity advisory by the National Intelligence Service (NIS) of South Korea and the Federal Office for the Protection of the Constitution (BfV) of Germany

In their announcement, the BfV stated, “The BfV and NIS assess that the [North Korean] regime is utilizing military technologies to modernize and enhance the capabilities of conventional weapons and to develop new strategic weapon systems, including reconnaissance satellites and submarines. The DPRK increasingly resorts to cyber espionage as a cost-effective method to acquire military technologies.”

In its press release, the NIS emphasized the significance of the latest joint advisory. “The joint cybersecurity advisory issued by both agencies demonstrates our firm stance against tolerating the technology theft operations North Korea is conducting on a global scale,” stated the NIS.

The initial joint advisory, released in March of the previous year, focused on the North Korean state-sponsored hacking group Kimsuky. It disclosed that Kimsuky had been intercepting emails to and from Google users by exploiting the Chromium extension program, an open-source web browser project predominantly developed by Google.

Subscription

Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Dain Oh
    : Author

    Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expe...

    View all posts
Designer:
Stay Ahead with The Readable's Cybersecurity Insights