Cybersecurity firm: N. Korea hack successfully breached Israel defense industry
Researchers at the cybersecurity firm that first discovered an attack by North Korean hackers on Israeli defense security systems said the hack was successful, despite Defense Ministry claims to the contrary, the New York Times reported Wednesday.
Israeli defense officials are concerned that the large
amounts of classified data stolen in the attack could be passed to Iran, a key
ally of Pyongyang, according to the report.
Israeli defense authorities have said the cyberattack by the
Lazarus group was thwarted and no data was compromised.
Israel and Iran have engaged in years of covert battles that
have included high-tech hacking and cyberattacks. Israel said it thwarted a
major cyberattack earlier this year targeting its water infrastructure, which
was widely attributed to its archenemy Iran. Israel is suspected of retaliating
two weeks later with a cyberattack on an Iranian port. Most famously, US and
Israeli intelligence agencies are suspected of unleashing a computer worm
called Stuxnet that disrupted Iran’s nuclear program.
ClearSky researchers said in the Wednesday report that the
North Korean attack began last June when the hackers initially posed as a
headhunter from the Boeing aerospace company and sent a message to a senior
engineer at an unnamed Israeli government-owned company.
This was reportedly one of a number of occasions on which
hackers created fake LinkedIn profiles for personnel recruiters and used them
to approach their targets at Israeli firms.
The hackers would then ask for a phone number or email
address, and sometimes even spoke to their targets on the telephone in an
attempt to lend authenticity to the employment offers.
Targets told the New York Times they conversed with people
who spoke fluent, unaccented English. Israeli officials told the outlet that
this could signify that the hackers had outsourced some of their operations to
teams outside of North Korea.
The hackers would then ask the targets if they could send an
email with a list of requirements for the purported vacancy, at which point
they would send a file containing spyware that infiltrated the computer and
also attempted to penetrate classified networks.
The hacks “succeeded, in our assessment, to infect several
dozen companies and organizations in Israel,” as well as in other countries,
ClearSky told the newspaper.
The New York Times said that in 2019 ClearSky reported an
effort by the group to hack into an unnamed Israeli defense company’s computers
by sending emails in broken Hebrew that appeared to have been written using an
online translation tool.
Boaz Dolev, the chief executive and owner of ClearSky, said
his company then found North Korean hackers had installed hacking tools on
Israeli networks, a sign that the attacks were becoming more sophisticated.
“North Korea’s Lazarus is once again proving high capability
and originality in its social engineering and hacking methods,” Dolev said.
Israel’s Defense Ministry on Wednesday said the cyberattack
had been thwarted and no sensitive information was compromised. The ministry
said the attempt was caught in real time, and “no harm or disruption was made
to their networks.”
It was not immediately clear from the Defense Ministry
statement how many officials or which defense offices had
been targeted.
The Defense Ministry identified the perpetrators only as “an
international cyber group called ‘Lazarus,’ an organization that is backed by a
foreign country.”
The Lazarus group has been identified elsewhere, including
by the US Treasury, as an intelligence outfit of the North Korean regime.
It has been blamed for the 2014 hack on Sony Pictures
Entertainment, and the WannaCry ransomware attack in 2017, which affected
hundreds of thousands of computers in 150 countries.
Ivan Kwiatkowski, a researcher at Kaspersky, a cybersecurity
company, said that in the alleged attack on Israel, Lazarus appears to have
been attempting technology theft rather than financial gain.
“This is a very interesting development, because we tend to
see Lazarus as an actor focused mostly on funds collection,” he said. “But as
any other state-backed actor, its missions are diverse, and I think this is a
prime example of other areas of interest the group has.”