North Korean groups tied to cyberattacks on South Korean defense firms


  • Major North Korean hacker groups attempted cyberattacks against South Korean defense companies, stealing technical data.
  • The identified groups include Lazarus, Kimsuky, and Andariel, known to global law enforcement and cybersecurity researchers.

Authorities in South Korea revealed that three North Korean hacker groups, Lazarus, Kimsuky, and Andariel, were responsible for cyberattacks on South Korean defense companies, stealing technical data. The attacks occurred between October 2022 and July 2023, with some companies being completely unaware until contacted by law enforcement. The breach involved the infiltration of 83 defense companies’ networks, with confidential information stolen from about 10 of them. For example, Lazarus hacked a defense industry company’s server in November 2022 and transferred important data to an overseas cloud server. Andariel leaked defense company data by hijacking an employee account. Kimsuky stole technical data from a company from April to July 2023 through exploitation of a vulnerability. These groups have a history of targeting critical South Korean industries and were part of an ongoing cyber-espionage operation targeting the global defense sector. The police did not disclose the specific companies or data that were compromised.

Daryna Antoniuk, a reporter for Recorded Future News based in Ukraine, reported the story. She has previously written about cybersecurity startups, cyberattacks in Eastern Europe, and the cyberwar between Ukraine and Russia. Her work has been featured in Forbes Ukraine, Sifted, The Kyiv Independent, and The Kyiv Post.
