oann

North Korean hackers infiltrate leading Russian missile manufacturer.

ReutersAugust 7, 2023

An Elite Group of North Korean Hackers Breached Russian Missile Developer

By James‌ Pearson and Christopher⁤ Bing

LONDON/WASHINGTON (Reuters) –‍ An elite group of North Korean hackers secretly breached computer networks at a major Russian missile ‍developer for at least five months last year, according to technical evidence reviewed by Reuters and analysis by security researchers.

Reuters found‍ cyber-espionage teams linked to the North Korean government, which security researchers call‍ ScarCruft and Lazarus, secretly installed stealthy digital backdoors into systems at NPO Mashinostroyeniya, a rocket ‌design bureau based in Reutov, a small town on the outskirts of Moscow.

Reuters could not determine whether any data was taken during the intrusion or what information may ⁢have‌ been viewed. In the months following the digital break-in Pyongyang announced several developments in ⁤its banned ballistic ‍missile⁢ programme but it is ⁣not clear‍ if this was related to the‍ breach.

Experts say the incident shows how the isolated country will even target its allies, such as Russia, in a ‍bid to acquire critical technologies.

NPO Mashinostroyeniya did not respond to requests from Reuters⁣ for comment. Russia’s embassy in Washington did not respond to an emailed request for comment. North Korea’s mission to the United Nations in New York did not ⁤respond to a request for comment.

News of the hack comes ⁣shortly after a ⁤trip to⁢ Pyongyang last month by Russian defence minister Sergei Shoigu for⁣ the 70th anniversary of the Korean War; the first visit by a Russian defence minister to North Korea since the 1991 breakup ⁤of the Soviet Union.

The targeted company, commonly known as NPO Mash, has acted as a pioneer ‌developer of hypersonic missiles, satellite technologies and newer generation ballistic armaments, according⁣ to missile experts – three areas of keen interest ‍to North Korea since it⁢ embarked on its mission ⁣to create an Intercontinental Ballistic Missile (ICBM)⁤ capable of striking the mainland United States.

According to ⁣technical data, the intrusion roughly began in‍ late 2021 and⁤ continued until May 2022 when, according to internal communications‍ at the company reviewed⁣ by Reuters, IT engineers detected the hackers’ ⁣activity.

NPO Mash grew to prominence during ⁢the Cold War as ‍a premier satellite maker for ‍Russia’s⁢ space programme and as a provider of cruise missiles.

Email Hack

The hackers dug into the company’s IT environment,‍ giving them the ability to⁤ read email⁣ traffic, jump between networks, and extract ‍data, according to Tom Hegel, a security researcher with U.S. cybersecurity firm SentinelOne, who initially discovered the compromise.

“These findings provide rare insight into the clandestine cyber operations that traditionally remain concealed from public scrutiny or are simply never caught by such victims,” Hegel ‍said.

Hegel’s team of security analysts ‌at SentinelOne‍ learned of the ‌hack ⁣after discovering that an NPO Mash ‍IT staffer accidentally leaked his company’s internal communications while attempting to⁢ investigate the North Korean attack by uploading evidence to a private portal ‌used by cybersecurity‌ researchers worldwide.

When contacted by Reuters,⁣ that IT staffer declined to ⁢comment.

The lapse provided Reuters and SentinelOne with a unique snapshot into a company of critical importance to the ⁣Russian state⁣ which ⁢was sanctioned by the⁢ Obama‍ administration following the invasion of Crimea.

Two independent computer⁢ security experts,‌ Nicholas Weaver and Matt Tait, ⁢reviewed the exposed email ⁤content⁤ and confirmed its authenticity. The analysts verified the connection by⁣ checking the email’s cryptographic signatures against‍ a set of keys controlled by NPO Mash.

“I’m highly confident the data’s authentic,” Weaver told Reuters. “How the information was exposed was an absolutely hilarious screwup”.

SentinelOne said they⁤ were confident North Korea was behind ⁣the hack because the cyber‌ spies re-used ⁤previously known‍ malware and malicious infrastructure set up to carry out‍ other intrusions.

‘MOVIE STUFF’

In 2019, Russian President ⁤Vladimir ⁤Putin touted NPO Mash’s “Zircon” hypersonic missile as a “promising new product”, capable of travelling at around nine times ‍the speed⁤ of ⁤sound.

The fact North Korean hackers may have obtained information about the Zircon does not mean they would immediately have that same ‍capability, said Markus Schiller, a⁤ Europe-based missile expert who has‍ researched foreign aid to North‍ Korea’s missile programme.

“That’s movie ‌stuff,” he⁣ said. “Getting plans won’t help⁤ you much in building⁤ these⁤ things, there is a lot more to it than some drawings”.

However, given NPO Mash’s position ‍as a top Russian missile designer and producer, the company would be a valuable target, Schiller added.

“There is much to‍ learn from ⁢them,” he said.

Another area of⁢ interest could be in the manufacturing process used by NPO Mash surrounding fuel, experts said. Last month, North Korea test-launched the Hwasong-18, the first of its ⁤ICBMs to use solid propellants.

That‌ fuelling method ⁢can allow‌ for faster deployment of missiles during⁤ war, because it does ‌not require⁤ fuelling on‍ a launchpad, making the‍ missiles harder to track and destroy before blast-off.

NPO Mash produces an‌ ICBM dubbed the SS-19 which is fuelled‌ in the factory and sealed shut, a process known as “ampulisation” that yields ‍a⁤ similar strategic ⁣result.

“It’s hard to do because rocket propellant, especially the oxidiser, is ⁢very corrosive,” said⁣ Jeffrey Lewis, a missile researcher at⁢ the James Martin Center for Nonproliferation Studies.

“North Korea announced that it⁢ was doing⁤ the⁤ same⁢ thing in late 2021. If NPO Mash had one useful thing for them, that would ⁣be top of my list,” he added.

(Reporting by James Pearson in London and Christopher Bing in Washington; editing by ⁤Chris Sanders and Alistair Bell)

This Week’s Major Headlines

This week⁢ has been filled with major ⁣headlines in the U.S. and around the world. One ⁤America’s Rachel Acenas brings us the latest.

Interview with Dr. Carole Lieberman

with‌ Dr. Carole ‍Lieberman

Interview with Tom MacDonald

with Tom MacDonald

Interview with Gregory Angelo

with Gregory Angelo

An Elite Group of North Korean Hackers‍ Breached Russian Missile Developer

By James Pearson and Christopher Bing LONDON/WASHINGTON (Reuters) – An elite group of North Korean⁤ hackers secretly breached computer⁤ networks at⁢ a…