April 26, 2024
Analysis

North Korean hackers likely used new vulnerability to breach ROK defense firm

Researchers link attacks against South Korean aerospace and nuclear research sectors to DPRK, warn of further breaches 

After a series of hacks against South Korea’s nuclear research and defense sectors, the cybersecurity firm TeamT5 said a group linked to North Korea likely used a previously unknown vulnerability and new malicious tools to break into the highly sensitive systems.

According to a report published on Wednesday, researchers said they believe a group labelled “CloudDragon” used a so-called zero-day exploit called MemzipRAT to install a backdoor and gain access to the organizations’ networks. The experts consider CloudDragon to be one of two sub-groups commonly referred to as Kimsuky, which has long been suspected of working on behalf of the DPRK.
