Russia: North Korean Hackers Attacked Defense Sector

  • The North Korean hackers attacked Rostec.
  • The attacks happened earlier this year.
  • It is plausible it is a conjoined project with another nation.

In the spring of this year, the North Korean hacker group Kimsuky conducted several attacks on the Russian military and industrial organizations. Russian publication Kommersant reported this information, which was released on October 19. However, the name of the group is peculiar.

Rostec, officially the State Corporation for Assistance to Development, Production and Export of Advanced Technology Industrial Product Rostec, is a Russian state-owned holding conglomerate headquartered in Moscow that specializes in consolidating in strategically important companies, mainly in the defense and high-tech industries, by assisting in the development, production and export with the ultimate goal of capitalizing them and bringing them to an initial public offering (IPO).

As if the name of the group translated in English from Russian, the latter part included profanities. In addition, it is clarified that the Kimsuky group is also known by the names Velvet Chollima and Black Banshee, and is engaged in cyber espionage.

Over the past two years, the group has carried out attacks on American research institutions specializing in denuclearization (reducing nuclear weapons arsenals), and companies associated with cryptocurrencies.

Furthermore, this spring, hackers from the DPRK, taking advantage of the pandemic, carried out malicious mailings, including using social networks in order to get confidential information from Russian aerospace and defense companies. Hence, it would be plausible that this was not a first time occurrence.

Earlier this month, North Korea held a military parade to honor the 75th Anniversary of the Workers Party of Korea. During the parade a new piece of defense equipment was unveiled and the experts noticed it looked very similar to the Russian Armata tank.

However, could it be that China did the cyberattacks, but masked it under North Korean operation? North Korea and China could have a symbiotic relationship.

Moreover, one of the Russian companies that was attacked is the Rostec. It should be noted that Rostec did not confirm this information to the press. However, they did confirm that they observed the number of cyber attacks on the state Corporation’s resources increased from April to September.

Rostec also noted that most of the cyber attacks were of poor quality and did not pose a significant threat. Nevertheless, clearly such attempts have been made. Also, Russia never truly releases full information, even if the breach was more significant, nor will it release possible ways the Kremlin would retaliate in such cases.

Kim Jong-un (born 8 January 1983 or 1984) is a North Korean politician currently the Supreme Leader of North Korea since 2011 and Chairman of the Workers’ Party of Korea since 2012.

At the same time, as noted by Kaspersky lab cybersecurity expert Denis Legezo, some of the fraudulent messages from groups of North Korean hackers contain data on vacancies in the aerospace and defense industries. This, according to the expert, indicates the attackers’ interest in industrial espionage.

There is also a trend of trying to recruit Americans to work on the stolen information and technologies, but no elaboration was provided.

It has been reported in the Western media of the possible attacks on the defense sector by the same hacker group. Therefore, it could be an amalgamated project with North Korea and not just North Korea alone.

Given the trajectory, it is plausible to believe that China could be somehow involved in the operation. It could be even indirectly involved.

Importantly, there is no evidence of China’s involvement, but a hypothetical scenario, given China’s previous precedents involving technology theft.

[bsa_pro_ad_space id=4]

Christina Kitova

I spent most of my professional life in finance, insurance risk management litigation.

Leave a Reply