Cyber Security News

North Korean Hackers Attempted To Steal Sensitive Military Data

Diehl Defence anti-aircraft missiles from Baden-Württemberg are successfully intercepting Russian attacks on Kyiv, according to Mayor Vitali Klitschko.

The German-supplied technology has achieved a 100% hit rate in defending the Ukrainian capital.

The German government plans to install Diehl missile defense systems on three new government aircraft, which will equip the aircraft with advanced capabilities for self-defense against missile threats.

North Korean hackers conducted a months-long cyberattack targeting a German arms company with the aim of acquiring sensitive information regarding their military technology.

Interest In Military Technology

North Korean hacker group Kimsuky, working for the military intelligence service, employed phishing tactics to distribute spyware-laden fake job offers, whose goal was to steal sensitive information by deceiving potential victims and disguising their malicious activities.

Mandiant’s IT security experts detected the “Kimsuky” hackers targeting specific geographic areas in Germany during the first quarter of 2024.

The hackers exhibited interest in obtaining information related to phone number registration processes in the country.

The hackers created a phishing website in April that used a misspelled version of a defense company’s name, Dihl Defence, to target specific individuals or organizations, which was designed to trick victims into clicking on malicious links or downloading malware.

Hackers lured potential victims with fake job offers, enticing them with high salaries and flexible work hours.

Those who clicked on the attached document were unknowingly infected with spyware that silently infiltrated their systems, granting hackers unauthorized access.

According to ZDF, the hackers’ server, associated with Diehl Defence’s headquarters in Überlingen, hosted spy software capable of capturing screenshots, accessing files, and downloading additional malicious programs. 

The “Kimsuky” hackers created a fake login portal on the “Überlingen” site, impersonating Deutsche Telekom by tricking users into logging in with their Telekom credentials, which were then stolen, which allowed the hackers to obtain usernames and passwords.

Diehl Defence refused to comment on a cyberattack targeting German entities, while the Federal Office for Information Security confirmed a “Germany campaign” by hackers since May 2024.

North Korean hackers, likely affiliated with “Kimsuky,” are actively targeting sensitive information from nuclear weapons researchers, international security institutions, and arms companies, which suggests that North Korea’s pursuit of sensitive technology and intelligence remains a priority.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Free Webinar

Aman Mishra

Recent Posts

Massive Credit Card Leak, Database of 1,221,551 Cards Circulating on Dark Web

A massive data breach has sent shockwaves across the globe, as a database containing sensitive…

32 minutes ago

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…

2 days ago

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…

3 days ago

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…

3 days ago

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…

3 days ago

Raspberry Robin Employs TOR Network For C2 Servers Communication

Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…

3 days ago