North Korea-Affiliated Hackers Compromised Israel's Defence Networks, Cybersecurity Firm Says

The hacker group - linked to the DPRK by some cybersecurity experts - previously engaged in making money off of ransomware attacks, but is now thought to be engaged in technology theft.
Sputnik

The UK-based Clear Sky cybersecurity company said that it had detected what is claimed to be a successful cyberattack on several dozen Israeli assets by a hacker group called Lazarus. The hacks are said to have affected defence and government companies, as well as their employees. The group is believed to be linked to North Korean authorities, Clear Sky claims.

The operation, which Clear Sky dubbed 'dream job', reportedly involved group members engaging in social engineering efforts targeting employees of the unnamed Israeli companies. Staffers were offered a position at prominent defence companies like Boeing or BAE, with Lazarus going to great lengths to convince them that it was not a scam, the cybersecurity firm claimed. Lazarus is thought to have created fake LinkedIn profiles and made telephone calls to potential 'recruits', reportedly speaking fluent English, without an accent.

When their social engineering methods succeeded they would, under various pretexts, send a PDF file to the Israeli employee which contained malware that would later infect their PCs and in some cases their workstations, Clear Sky stated.

It's not clear what the purported hacker group was trying to achieve, but the British cybersecurity company alleged that their primary target was information on company activities and financial affairs, in order to earn money by exploiting the information. The firm suggested that other data may have been stolen for corporate espionage, and could possibly have been transferred to third parties such as Iran.

The Israeli Defence Ministry, while admitting that a hacking attempt had been made, claims that it was thwarted. The ministry stated that no sensitive information was stolen and that its networks were not disrupted in the cyberattack.