Thursday, December 5, 2024

North Korean Hackers Attempted To Steal Sensitive Military Data


Diehl Defence anti-aircraft missiles from Baden-Württemberg are successfully intercepting Russian attacks on Kyiv, according to Mayor Vitali Klitschko.

The German-supplied technology has achieved a 100% hit rate in defending the Ukrainian capital.

The German government plans to install Diehl missile defense systems on three new government aircraft, which will equip the aircraft with advanced capabilities for self-defense against missile threats.


North Korean hackers conducted a months-long cyberattack targeting a German arms company with the aim of acquiring sensitive information regarding its military technology.

Interest In Military Technology

The North Korean hacker group Kimsuky, which works for the military intelligence service, used phishing to distribute spyware-laden fake job offers. The goal was to steal sensitive information by deceiving potential victims while disguising the malicious activity.

Mandiant’s IT security experts detected the “Kimsuky” hackers targeting specific geographic areas in Germany during the first quarter of 2024.

The hackers exhibited interest in obtaining information related to phone number registration processes in the country.

In April, the hackers created a phishing website that used a misspelled version of a defense company’s name, “Dihl Defence”, to target specific individuals or organizations. The site was designed to trick victims into clicking on malicious links or downloading malware.
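A one-letter misspelling like the one described above can be caught by comparing newly observed domain names against a watch list of protected brand names. The following is an added example, not part of the original report; the watch list, the `.example` domains and the distance threshold are constructed assumptions.

```python
# Added example: flag observed domains whose name is a near-miss of a watched brand.
# BRANDS and SAMPLE_DOMAINS are constructed for illustration (assumptions).

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "ei" typed as "ie".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]

def brand_label(domain: str) -> str:
    """Second-level label, lowercased, hyphens removed (assumes a single-label TLD)."""
    labels = domain.lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    return label.replace("-", "")

def flag_lookalikes(domains, brands, max_distance=2):
    """Return (domain, brand, distance) for names close to, but not equal to, a brand."""
    hits = []
    for domain in domains:
        label = brand_label(domain)
        for brand in brands:
            dist = osa_distance(label, brand)
            # Distance 0 is the brand's own spelling; check those against an
            # allowlist of domains the organisation really owns instead.
            if 0 < dist <= max_distance:
                hits.append((domain, brand, dist))
    return hits

BRANDS = ["diehldefence", "telekom"]   # constructed watch list
SAMPLE_DOMAINS = [                     # constructed observations
    "dihl-defence.example",            # dropped letter, as in the report
    "diehl-defence.example",           # exact spelling, not flagged
    "diehl-defense.example",           # c/s substitution
    "te1ekom.example",                 # digit swapped for a letter
    "weather.example",                 # unrelated
]

if __name__ == "__main__":
    for hit in flag_lookalikes(SAMPLE_DOMAINS, BRANDS):
        print(hit)
```

Feeding this from certificate transparency logs or newly registered domain lists gives early warning before a lure is sent.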

Hackers lured potential victims with fake job offers, enticing them with high salaries and flexible work hours.

Those who clicked on the attached document were unknowingly infected with spyware that silently infiltrated their systems, granting hackers unauthorized access.

According to ZDF, the hackers’ server, associated with Diehl Defence’s headquarters in Überlingen, hosted spy software capable of capturing screenshots, accessing files, and downloading additional malicious programs. 

The “Kimsuky” hackers created a fake login portal on the “Überlingen” site that impersonated Deutsche Telekom. Users were tricked into logging in with their Telekom credentials, which allowed the hackers to obtain their usernames and passwords.

Diehl Defence refused to comment on a cyberattack targeting German entities, while the Federal Office for Information Security confirmed a “Germany campaign” by hackers since May 2024.

North Korean hackers, likely affiliated with “Kimsuky,” are actively targeting sensitive information from nuclear weapons researchers, international security institutions, and arms companies, which suggests that North Korea’s pursuit of sensitive technology and intelligence remains a priority.
