North Korean Hackers Attempted To Steal Sensitive Military Data

Diehl Defence anti-aircraft missiles from Baden-Württemberg are successfully intercepting Russian attacks on Kyiv, according to Mayor Vitali Klitschko.

The German-supplied technology has achieved a 100% hit rate in defending the Ukrainian capital.

The German government plans to install Diehl missile defense systems on three new government aircraft, which will equip the aircraft with advanced capabilities for self-defense against missile threats.

North Korean hackers conducted a months-long cyberattack targeting a German arms company with the aim of acquiring sensitive information regarding their military technology.

Interest In Military Technology

North Korean hacker group Kimsuky, working for the military intelligence service, employed phishing tactics to distribute spyware-laden fake job offers, whose goal was to steal sensitive information by deceiving potential victims and disguising their malicious activities.

Mandiant’s IT security experts detected the “Kimsuky” hackers targeting specific geographic areas in Germany during the first quarter of 2024.

The hackers exhibited interest in obtaining information related to phone number registration processes in the country.

The hackers created a phishing website in April that used a misspelled version of a defense company’s name, Dihl Defence, to target specific individuals or organizations, which was designed to trick victims into clicking on malicious links or downloading malware.

Hackers lured potential victims with fake job offers, enticing them with high salaries and flexible work hours.

Those who clicked on the attached document were unknowingly infected with spyware that silently infiltrated their systems, granting hackers unauthorized access.

According to ZDF, the hackers’ server, associated with Diehl Defence’s headquarters in Überlingen, hosted spy software capable of capturing screenshots, accessing files, and downloading additional malicious programs. 

The “Kimsuky” hackers created a fake login portal on the “Überlingen” site, impersonating Deutsche Telekom by tricking users into logging in with their Telekom credentials, which were then stolen, which allowed the hackers to obtain usernames and passwords.

Diehl Defence refused to comment on a cyberattack targeting German entities, while the Federal Office for Information Security confirmed a “Germany campaign” by hackers since May 2024.

North Korean hackers, likely affiliated with “Kimsuky,” are actively targeting sensitive information from nuclear weapons researchers, international security institutions, and arms companies, which suggests that North Korea’s pursuit of sensitive technology and intelligence remains a priority.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Free Webinar