South Korea, Germany jointly warn of North Korea’s defense technology theft

By Dain Oh, The Readable
Feb. 19, 2024 9:19PM GMT+9

Intelligence agencies from South Korea and Germany jointly issued a security advisory concerning cyber threats from North Korea, primarily regarding the theft of advanced defense technology. This marks the second occasion that the two countries have issued a joint cybersecurity statement against cyberattacks attributed to the Pyongyang regime.

On February 19, the National Intelligence Service (NIS) of South Korea and the Federal Office for the Protection of the Constitution (BfV) of Germany issued a joint cybersecurity advisory. This advisory calls for heightened security awareness in response to ongoing cyber campaigns originating from North Korea.

The two agencies disclosed details about the tactics, techniques, and procedures (TTPs)—a term commonly used among cybersecurity experts—and indicators of compromise (IoCs) utilized by Pyongyang’s threat actors.

The statement also highlighted two representative incidents. In the first case, it was revealed that North Korean hackers had exploited a website maintenance vendor to infiltrate a defense research center at the end of 2022. This incident is an example of a supply chain attack, where threat actors target and exploit the most vulnerable element within the software supply chain of their intended victim to gain unauthorized access.

In the second case, the statement showcased the “distinctive skills in social engineering” of the Lazarus group, whose ultimate objective, it is believed, is to serve the national interests of North Korea. According to the advisory, Lazarus operatives created counterfeit profiles on the social networking service LinkedIn, posing as recruiters. They reached out to employees within the defense industry. Once they had established mutual trust, these operatives guided their targets to other online platforms, such as WhatsApp and Telegram, to continue their discussions. Subsequently, they enticed the targets to download files that contained malicious features.

In their announcement, the BfV stated, “The BfV and NIS assess that the [North Korean] regime is utilizing military technologies to modernize and enhance the capabilities of conventional weapons and to develop new strategic weapon systems, including reconnaissance satellites and submarines. The DPRK increasingly resorts to cyber espionage as a cost-effective method to acquire military technologies.”

In its press release, the NIS emphasized the significance of the latest joint advisory. “The joint cybersecurity advisory issued by both agencies demonstrates our firm stance against tolerating the technology theft operations North Korea is conducting on a global scale,” stated the NIS.

The initial joint advisory, released in March of the previous year, focused on the North Korean state-sponsored hacking group Kimsuky. It disclosed that Kimsuky had been intercepting emails to and from Google users by exploiting the Chromium extension program, an open-source web browser project predominantly developed by Google.

ohdain@thereadable.co

The cover image of this article was designed by Areum Hwang. This article was copyedited by Arthur Gregory Willers.

Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.