Two North Korean hacker groups had access to the internal systems of Russian missile and satellite developer NPO Mashinostoyeniya for five to six months, cyber security firm SentinelOne asserted on Monday. The attack illustrates potential North Korean efforts to advance the development of missiles and other military technology through cyber espionage.
“Our findings identify two instances of North Korea-related compromise of sensitive internal IT infrastructure within this same Russian defense industrial base (DIB) organization, including a specific email server, alongside use of a Windows backdoor dubbed OpenCarrot,” said the cyber security researchers.
State-backed hacker group ScarCruft was identified as the force behind the email server compromise, while the Windows backdoor was attributed to Lazarus Group. OpenCarrot has previously been detected during Lazarus Group activities. It enables full compromise of infected machines and coordination across an infected network.
The variant used in this incident “supports proxying C2 communication through the internal network hosts and directly to the external server,” according to SentinelOne’s researchers.