Lazarus Group, a North Korean backed hacking group mounted a cyberattack on the Israel defence industry. While Israel says the attack was thwarted, a cybersecurity firm says it was successful, leading to fear that classified data stolen by North Korea could be shared with Iran.
Israel claimed that it had thwarted a cyberattack by a North Korea-linked hacking group on its classified defence industry. The Defense Ministry said the attack was deflected “in real-time” and that there was no “harm or disruption” to its computer systems.
However, security researchers at ClearSky, the international cybersecurity firm that first exposed the attack, said the North Korean hackers penetrated the computer systems and were likely to have stolen a large amount of classified data.
Israeli officials fear the data could be shared with North Korea’s ally, Iran. Such a transfer of information could prove costly for Tel Aviv with Tehran looking to take revenge for an attack on its Natanz nuclear facility.
The North Korean attack on Israeli defence industry began with a LinkedIn message last June, ClearSky researchers said. North Korean hackers posing as a Boeing headhunter sent a message to a senior engineer at an Israeli government-owned company that manufactures weapons for the Israeli military and intelligence.
The hackers created a fake LinkedIn profile for the headhunter, Dana Lopp. There is indeed a real Ms Lopp, a senior personnel recruiter at Boeing. Ms Lopp was one of several headhunters from prominent defence and aerospace companies — including Boeing, McDonnell Douglas and BAE Systems — whom North Korea’s hackers mimicked on LinkedIn.
After establishing contact with their Israeli targets, the hackers asked for an email address or phone number to connect via WhatsApp or, to increase credibility, suggested switching to a live call. Some of those who received the calls, and whom ClearSky approached later, said the other side spoke English without an accent and sounded credible.
That level of sophistication had not been demonstrated by Lazarus before, the researchers said. Israeli officials speculated that North Korea may have outsourced some of their operations to native English speakers abroad.
At some point, the hackers asked to send their targets a list of job requirements. That file contained invisible spyware that infiltrated the employee’s personal computer and attempted to crawl into classified Israeli networks.
North Korea’s mission to the United Nations in New York did not immediately respond to a request for comment. Pyongyang has in the past denied allegations of cyber-attacks and accused the United States of spreading rumours.
The Lazarus hacker group backed by Pyongyang was first exposed by U.S. federal prosecutors which said that the group was working on behalf of Lab 110, a North Korean military intelligence unit.
The complaint accused the group of playing a role in North Korea’s devastating 2017 ransomware attack, known as “WannaCry,” which paralyzed 300,000 computers across 150 countries; the 2016 cyber-theft of $81 million from Bangladesh Bank; and the crippling 2014 cyberattack at Sony Pictures Entertainment that resulted in the leak of executive emails and destroyed more than two-thirds of the studio’s computer servers.
Though the group’s track record is mixed, North Korea’s growing army of more than 6,000 hackers has grown only more sophisticated and emboldened with time, according to American and British officials tracking the group.
In a report last April, officials at the State Department, the Department of Homeland Security, the Treasury Department and the F.B.I. accused North Korea of increasingly using digital means to evade sanctions and generate income for its nuclear weapons program.
According to Boaz Dolev, the chief executive and owner of ClearSky, the latest cyberattack is once again proving high capability and originality in Lazarus Groups’ social engineering and hacking methods.
The better corporate security becomes, he said, the more nation-states and cybercriminals will try to target employees’ personally via social media and email phishing attacks.
“Attackers always look for new vulnerabilities,” he said. The better the defences, “the more attacks will focus on employees, their families and home computing equipment.”