
North Korean hackers breach networks of Russia's largest missile manufacturer

(Photo: Vitalii Nosach, RBC-Ukraine)

According to Reuters, in a covert operation lasting at least five months last year, a group of North Korean hackers successfully infiltrated the computer networks of a major Russian missile developer.

Cyber-espionage groups linked to the North Korean government, which security researchers call ScarCruft and Lazarus, covertly installed backdoors in systems at NPO Mashinostroyeniya, a rocket design bureau based in Reutov, a small town on the outskirts of Moscow.

The agency could not ascertain whether data was stolen during the intrusion. In the months following the digital breach, Pyongyang announced several changes in its banned ballistic missile program. It remains unclear if these changes were related to the breach.

Experts suggest that this incident illustrates how an isolated nation like North Korea targets even its allies, such as Russia, in its bid to acquire critically important technologies.

Missile manufacturer

News of the breach surfaced shortly after Russian Defense Minister Sergei Shoigu visited Pyongyang last month to commemorate the 70th anniversary of the Korean War. This marked the first visit by a Russian defense minister to North Korea since the collapse of the Soviet Union in 1991.

According to missile experts, the targeted company, the rocket design bureau widely known as NPO Mashinostroyeniya, has been at the forefront of developing hypersonic missiles, satellite technologies, and next-generation ballistic weaponry – three areas of significant interest to North Korea since it embarked on its mission to create an intercontinental ballistic missile (ICBM) capable of striking the continental U.S.

The breach

Technical data indicates that the intrusion began around the end of 2021 and persisted until May 2022. Russian IT engineers, as confirmed by internal company communications reviewed by Reuters, detected the hackers' activity.

The hackers breached the company's IT environment, which let them read email traffic, move between networks, and extract data, according to Tom Hegel, a security researcher at the American cybersecurity company SentinelOne, who initially uncovered the breach.

"These findings provide rare insight into the clandestine cyber operations that traditionally remain concealed from public scrutiny or are simply never caught by such victims," Hegel said.

Hegel's team of security analysts at SentinelOne became aware of the breach after discovering that an employee of the rocket design bureau had accidentally leaked internal communications while attempting to investigate the North Korean attack. The employee uploaded evidence to a private portal used by cybersecurity researchers worldwide.

North Korean dictator Kim Jong-un ordered an increase in weapon production, demanding the initiation of mass production of "various types of advanced engines for strategic weaponry".