North Korean Hackers Target South Korean Naval ShipyardsNation-State Attacks on Defense Manufacturers Rising Since November 2022
South Korean national intelligence has sounded alarms about North Korean hackers targeting the country's shipbuilding industry to steal naval military secrets. The agency said the hacks are part of North Korean leader Kim Jong Un's strategy to build larger, more advanced warships.
South Korea's National Intelligence Service said in a press release that it had observed North Korean hackers conducting "intensive hacking attacks" on South Korean shipbuilders in August and September.
"Such intensive attacks are presumed to have been made as Kim Jong Un ordered to build mid- to large-sized warships. North Korea is expected to continue such attacks against South Korean shipbuilders and component manufacturing firms," the agency warned.
The agency said it is notifying shipbuilders of threats to their systems and networks and advising major shipyards to conduct independent security audits to plug security holes in digital infrastructure.
South Korea's leading warship and submarine manufacturers are Daewoo Shipbuilding & Marine Engineering Co. Ltd. and Hyundai Heavy Industries. Hyundai is building a new batch of state-of-the-art guided missile destroyers featuring the American-made Aegis combat system.
The Daewoo shipyard suffered a major cyberattack in 2021 by North Korean hackers that compromised at least 60 naval design secrets, including designs for a nuclear-powered submarine. The shipyard also suffered an attack in April 2016 by North Korean hackers who compromised sensitive and classified secrets related to warship and submarine development.
Microsoft in its East Asia threat report in September said North Korean hacking groups also have conducted coordinated cyberattacks on defense companies in Brazil, the Czech Republic, Finland, Italy, Norway and Poland since January 2023 to improve the country's military capabilities. The hackers previously targeted and compromised defense firms in Germany and Israel between November 2022 and January 2023.
Microsoft said three North Korean hacker groups, which it tracks as Ruby Sleet, Diamond Sleet and Sapphire Sleet, "targeted the maritime and shipbuilding sector from November 2022 to January 2023."
"Microsoft had not previously observed this level of targeting overlaps across multiple North Korean activity groups, suggesting that maritime technology research was a high priority for the North Korean government at the time," it said.
Amid worsening tensions between the two nations over nuclear ballistic missile testing, North Korea's Kim Jong Un in August inspected the navy's latest warship, the Amnok-class corvette missile.
South Korea's National Intelligence Service did not disclose the names of the targeted shipbuilders but said the state-sponsored hackers had sent phishing emails to internal employees at targeted shipyards in an attempt to install malicious code into their systems.
The hackers specifically targeted personal computers operated by IT maintenance companies to infiltrate their networks, NIS said. The agency did not respond to Information Security Media Group query about the specific malware the hackers had sought to deploy or whether any systems had been compromised.