Apparently, loose alliances between governments don’t extend to the digital realm—North Korean attackers not only breached a Russian missile maker but resided in its systems for nearly six months.
Both the Lazarus and ScarCruft gangs inserted digital backdoors into NPO Mashinostroyeniya’s system, according to a report from Reuters, which discovered the caper.
Not much is known about the bad actors’ exploits—the rocket developer didn’t offer details to Reuters, nor did the Russian Embassy in Washington respond, and the news outlet couldn’t determine whether data was taken. What is known is that the intrusion came to light after Russian defense minister Sergei Shoigu traveled to Pyongyang to mark the anniversary of the Korean War, and after North Korea announced changes to its ballistic missile program, which is currently banned.
But the report cited findings by SentinelOne that led the security firm to believe that the threat actors were able to read email, move from network to network and tease out data. “These findings provide rare insight into the clandestine cyber operations that traditionally remain concealed from public scrutiny or are simply never caught by such victims,” Reuters said, citing Tom Hegel, a security researcher with SentinelOne.
“The initial attack vector or method is still unknown, but the wealth of information that was gleaned from the accidental email leak is incredible,” said Timothy Morris, chief security advisor at Tanium. “Not to mention, funny; sometimes luck is better than skill when it comes to finding intrusions.”