The hackers from the DPRK, who had previously attacked mainly South Korea, expanded the geography of their “work” and tried to hack military and industrial companies in Russia.
Cybersecurity experts from Group-IB report that in 2020 a number of Russian defense and industrial facilities were attacked by the North Korean hacker group Kimsuky, also known as Velvet Chollima and Black Banshee. According to Kommersant, citing Anastasia Tikhonova, the head of the Group-IB complex threat research department, the attacks targeted enterprises producing artillery equipment and armored vehicles in the territories of Russia, Ukraine, Slovakia, Turkey and South Korea.
The hackers targeted confidential information from the aerospace and defense industries, as well as documentation, which indicates, among other things, industrial espionage. There is no information about the success of the attacks, but RT-Inform, a subsidiary of the state corporation Rostec that specializes in information security, confirmed an increase in the number of cyber attacks from April to September 2020. Officially, Kimsuky's involvement in them has not been confirmed, and the attacks by their nature did not pose a significant threat, but it is believed that they could have been a test to study how well the systems are protected.
Recall that the Kimsuky hacker group became known in 2010 and initially specialized in attacking various targets in South Korea. One of its most famous attacks was the 2014 hack of the internal network of the operator of 23 nuclear reactors in South Korea, which led to the leak of confidential documents. Subsequently, the hackers from the DPRK expanded the geography of their attacks to organizations in other countries of the world.