North Korean Cybergangs Hack Russian Missile Maker

Two elite North Korean cybergangs called ScarCruft and Lazarus breached the computer networks of a major Russian missile developer for at least five months last year. According to Cybernews, they installed stealthy digital backdoors into systems at NPO Mashinostroyeniya (NPO Mash), a rocket design bureau based in a small town on the outskirts of Moscow.

Missile experts state that NPO Mash is a pioneering developer of hypersonic missiles, satellite technologies, and newer-generation ballistic armaments, which are three areas of keen interest to North Korea.

The nature of the information viewed or taken is unknown, but in the months following the digital break-in, Pyongyang announced several developments in its banned ballistic missile program. It is currently unclear whether or not this was related to the breach.

According to Tom Hegel, a security researcher with US cybersecurity firm SentinelOne who initially discovered the compromise, the hackers dug into the company’s IT environment, which gave them the ability to read email traffic, jump between networks, and extract data.

Russian President Vladimir Putin declared in 2019 that NPO Mash’s “Zircon” hypersonic missile was a promising product capable of traveling at around nine times the speed of sound. Nevertheless, North Korean hackers potentially obtaining information about the Zircon does not mean the country would immediately have that same capability.

According to Reuters, since 2016 North Korea has been increasingly relying on hacking to generate income for the country’s treasury, and it is believed that most of the proceeds from these criminal activities are allocated to the national defense budget, to fund nuclear and missile testing.

Furthermore, since the government completely controls all access to the internet, North Korea’s cryptocurrency industry is mainly crime-related and backed by the state. According to a report from South Korea’s primary intelligence agency, hackers affiliated with the North Korean government have stolen $1.2 billion worth of cryptocurrency.