North Korean hackers breached top Russian missile maker

News
By
published

Two separate North Korean groups targeting the same entity

A white padlock on a dark digital background.
(Image credit: Shutterstock.com)

Russia and North Korea may reprotedly be allies on paper, but in the real world, this may not be as concrete, as two North Korean state-sponsored threat actors have been found targeting an important Russian missile engineering company.

Cybersecurity researchers from SentinelOne discovered two groups - StarCruft and Lazarus Group, targeting NPO Mashinostroyenia. StarCruft managed to compromised “sensitive internal IT infrastructure”, including an email server. 

Lazarus, on the other hand, used a Windows backdoor known as OpenCarrot. The former is under the direct command of the Ministry of State Security, while the latter answers to the Reconnaissance General Bureau (RGB), the country’s main foreign intelligence service.

OpenCarrot

OpenCarrot is a versatile piece of malware, the researchers further explained, capable of “full compromise”. It sports 25 different commands, allowing the threat actors to spy on its victims, edit file systems, and operate multiple mechanisms of communication. 

"With a wide range of supported functionality, OpenCarrot enables full compromise of infected machines, as well as the coordination of multiple infections across a local network," said security researchers Tom Hegel and Aleksandar Milenkoski.

Read more

> FBI confirms North Korean Lazarus Group was behind major Harmony crypto heist

> FBI says North Korean Lazarus group was behind huge crypto theft

> These are the best firewalls today

In hindsight, the choice of target isn’t that surprising, knowing that North Korea is investing heavy resources into developing its highly controversial missile program which, among other things, resulted in countless international sanctions. NPO Mashinostroyeniya, on the other hand, is a rocket design bureau based in Reutov, the media say. It was blacklisted by the U.S. Department of Treasury back in 2014, due to "Russia's continued attempts to destabilize eastern Ukraine and its ongoing occupation of Crimea."

This is one of the rare recorded examples of allies targeting allies through cyber-warfare, in order to advance their strategic goals. Time describes the North Korean government as being “hell-bent” on developing its nuclear program and missile capabilities for over 60 years now.

Via: The Hacker News

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.