Contradicting Israel, cybersecurity firm says N. Korea breached defense industry
ClearSky says Lazarus hackers stole sensitive data from ‘several dozen’ companies, NY Times reports; Israel said concerned it could fall into Iranian hands
Researchers at the cybersecurity firm that first discovered an attack by North Korean hackers on Israeli defense security systems said the hack was successful, despite Defense Ministry claims to the contrary, the New York Times reported Wednesday.
Israeli defense officials are concerned that the large amounts of classified data stolen in the attack could be passed to Iran, a key ally of Pyongyang, according to the report.
Israeli defense authorities have said the cyberattack by the Lazarus group was thwarted and no data was compromised.
Israel and Iran have engaged in years of covert battles that have included high-tech hacking and cyberattacks. Israel said it thwarted a major cyber attack earlier this year targeting its water infrastructure, which was widely attributed to its archenemy Iran. Israel is suspected of retaliating two weeks later with a cyberattack on an Iranian port. Most famously, US and Israeli intelligence agencies are suspected of unleashing a computer worm called Stuxnet that disrupted Iran’s nuclear program.
ClearSky researchers said in the Wednesday report that the North Korean attack began last June when the hackers initially posed as a headhunter from the Boeing aerospace company and sent a message to a senior engineer at an unnamed Israeli government-owned company.
This was reportedly one of a number of occasions on which hackers created fake LinkedIn profiles for personnel recruiters and used them to approach their targets at Israeli firms.
The hackers would then ask for a phone number or email address, and sometimes even spoke to their targets on the telephone in an attempt to lend authenticity to the employment offers.
Targets told the New York Times they conversed with people who spoke fluent, unaccented English. Israeli officials told the outlet that this could signify that the hackers had outsourced some of their operations to teams outside of North Korea.
The hackers would then ask the targets if they could send an email with a list of requirements for the purported vacancy, at which point they would send a file containing spyware that infiltrated the computer and also attempted to penetrate classified networks.
The hacks “succeeded, in our assessment, to infect several dozen companies and organizations in Israel,” as well as in other countries, ClearSky told the newspaper.
The New York Times said that in 2019 ClearSky reported an effort by the group to hack into an unnamed Israeli defense company’s computers by sending emails in broken Hebrew that appeared to have been written using an online translation tool.
Boaz Dolev, the chief executive and owner of ClearSky, said his company then found North Korean hackers had installed hacking tools on Israeli networks, a sign that the attacks were becoming more sophisticated.
“North Korea’s Lazarus is once again proving high capability and originality in its social engineering and hacking methods,” Dolev said.
Israel’s Defense Ministry on Wednesday said the cyber-attack had been thwarted and no sensitive information was compromised. The ministry said the attempt was caught in real time, and “no harm or disruption was made to their networks.”
It was not immediately clear from the Defense Ministry statement how many officials had been targeted and which defense offices had been targeted.
The Defense Ministry identified the perpetrators only as “an international cyber group called ‘Lazarus,’ an organization that is backed by a foreign country.”
The Lazarus group has been identified elsewhere, including by the US Treasury, as an intelligence outfit of the North Korean regime.
It has been blamed for the 2014 hack on Sony Pictures Entertainment, and the WannaCry ransomware attack in 2017, which affected hundreds of thousands of computers in 150 countries.
Ivan Kwiatkowski, a researcher at Kaspersky, a cybersecurity company, said that in the alleged attack on Israel, Lazarus appears to have been attempting technology theft rather than financial gain.
“This is a very interesting development, because we tend to see Lazarus as an actor focused mostly on funds collection,” he said. “But as any other state-backed actor, its missions are diverse, and I think this is a prime example of other areas of interest the group has.”
The Associated Press contributed to this report.