North Korean hackers have targeted employees of Diehl Defence, a German arms manufacturer, in a suspected attempt to steal sensitive information, according to reports from Der Spiegel and ZDF. The attacks, which began in April, were carried out by a group known as “Kimsuky”, which cybersecurity experts believe operates on behalf of the North Korean government.
Boevaya mashina, CC BY-SA 3.0, via Wikimedia Commons
Diehl Defence is a key supplier of the IRIS-T air-to-air missile system, which has been provided to the Ukrainian military to defend against Russian attacks. The system has proven highly effective, with Kyiv’s mayor describing it as having a “100% hit rate” in March 2023. Germany is also considering the IRIS-T for the LVS NNbS tender because Diehl Defence, the manufacturer of the IRIS-T missile system, is part of a consortium that submitted a bid for the LVS NNbS contract. The LVS NNbS is a tender for the future German short-range and very short-range air defence system.
The attacks on Diehl Defence involved the hackers creating fake job postings for highly paid security consultant positions in Berlin, designed to entice Diehl employees. These postings were distributed via email and directed victims to a website controlled by the hackers. The hackers also set up a website that mimicked the Diehl Defence website, deliberately misspelling the company’s name as “Dihl Defence”. They also created fake login pages for Deutsche Telekom and GMX, popular German companies, to steal user credentials. When victims opened the malicious job postings or entered their login details on the fake websites, their computers were infected with spyware capable of stealing files, recording keystrokes, and taking screenshots.
The attack on Diehl Defence is particularly concerning given the company’s involvement in the development of South Korea’s KF-21 fighter jet. Diehl Defence is responsible for integrating the IRIS-T missile system onto the KF-21, a significant development in South Korea’s defense capabilities. The hackers’ interest in Diehl Defence could stem from a desire to obtain sensitive information about the IRIS-T system and its integration with the KF-21.
While Diehl Defence declined to comment on the specifics of the attack, a spokesperson for the company stated that they are taking measures to protect themselves against “all threats”. The German Federal Office for Information Security (BSI) confirmed that they are aware of the campaign targeting Diehl Defence and other German organizations.
The attack highlights the increasing sophistication of North Korean cyber operations and the ongoing threat posed to defense companies worldwide. As tensions on the Korean Peninsula remain high, North Korea’s pursuit of advanced military technology, potentially through cyber espionage, is a serious concern for the international community.
For more information, hit the Source below