Israel says it fended off North Korean hack attempt against defense industry

Cyber criminals from Lazarus group built fake LinkedIn accounts, tried to woo Israeli officials with lucrative job opportunities to gain access to their networks

Illustrative. An IDF soldier from the C4I Corps types on a computer. (Israel Defense Forces)
The Defense Ministry on Wednesday said hackers from a group linked to the North Korean government targeted Israeli defense officials, luring them with fake job offers in a failed attempt to gain access to the databases of the country’s top defense industries.

In a statement, the ministry said the attempted cyber-attack by the Lazarus Group was thwarted and no sensitive information was compromised.

“Members of the group used various hacking techniques, including ‘social engineering’ and impersonation,” and built fake profiles on LinkedIn, said the Defense Ministry.

“The attackers impersonated managers, CEOs and leading officials in HR departments, as well as representatives of international companies, and contacted employees of leading defense industries in Israel, with the aim of developing discussions and tempting them with various job opportunities,” it said.

“In the process of sending the job offers, the attackers attempted to compromise the computers of these employees, to infiltrate their networks and gather sensitive security information. The attackers also attempted to use the official websites of several companies in order to hack their systems.”

It was not immediately clear from the Defense Ministry statement how many officials had been targeted, when the attack took place, and what defense offices had been targeted.

The ministry said the attempt was caught in real time, and “no harm or disruption was made to their networks.”

However, journalist Ronen Bergman noted on Twitter that some Israeli defense officials were worried about information having been compromised.

The Defense Ministry identified the perpetrators only as “an international cyber group called ‘Lazarus,’ an organization that is backed by a foreign country.”

The Lazarus group has been identified elsewhere, including by the US Treasury, as an intelligence outfit of the North Korean regime.

It has been blamed for the 2014 hack on Sony Pictures Entertainment, and the WannaCry ransomware attack in 2017, which affected hundreds of thousands of computers in 150 countries.

“The Director of Security for the Defense Establishment will continue its work in thwarting attempts to breach the networks of Israeli defense industries, and any attempts to harm the technological capabilities and assets of the State of Israel,” the ministry said.

Ivan Kwiatkowski, a researcher at Kaspersky, a cybersecurity company, said that in the alleged attack on Israel, Lazarus appears to have been attempting technology theft rather than financial gain.

“This is a very interesting development, because we tend to see Lazarus as an actor focused mostly on funds collection,” he said. “But as any other state-backed actor, its missions are diverse, and I think this is a prime example of other areas of interest the group has.”

Israel said it thwarted a major cyber attack earlier this year targeting its water infrastructure, which was widely attributed to its archenemy Iran. Israel is suspected of retaliating two weeks later with a cyberattack on an Iranian port.

Israel and Iran have engaged in years of covert battles that have included high-tech hacking and cyberattacks. Most famously, US and Israeli intelligence agencies are suspected of unleashing a computer worm called Stuxnet that disrupted Iran’s nuclear program.

The Associated Press contributed to this report.
