NPA Warning: North Korea-linked APTs Targeting South Korean Defense Companies

The National Police Agency (NPA) in South Korea has issued a warning to defense industry companies, stating that North Korea-linked advanced persistent threat (APT) groups, including Lazarus, Andariel, and Kimsuky, have been targeting them to steal sensitive information. The NPA advised that these APT groups typically gain access to target networks through subcontractor systems and maintain a presence on the network for a long time to monitor and steal valuable data.

The warning details three specific attacks. In the first, attributed to Lazarus, the group targeted a defense industry company, compromised an internal network, and stole data from employee computers. In the second, attributed to Andariel, an employee account at a company that maintains servers for a defense industry company was compromised, allowing the group to deploy malware on the servers of subcontractors and exfiltrate defense technology data. In the third, attributed to Kimsuky, the group exploited a vulnerability in an email server of a defense subcontractor to download sensitive files.

The NPA has recommended that organizations in the defense industry implement enhanced cybersecurity measures to protect themselves from these highly sophisticated attacks. The agency has also vowed to continue to track and investigate state-sponsored hacking groups linked to North Korea.
