Aug 7, 2023
ScarCruft, a state-sponsored hacking group in North Korea, has been linked to a cyberattack on the IT infrastructure and email server of NPO Mashinostroyeniya. NPO Mashinostroyeniya is a Russian space rocket designer as well as an intercontinental ballistic missile engineering organisation. It engineers spacecraft, orbital vehicles, and tactical defence and attack missiles used by both the Russian and Indian armies.
The intrusion was discovered by SentinelLabs on Aug 7, 2023 while conducting their usual hunting and tracking of North Korean threat actors. After identifying a leaked email collection containing implant characteristics similar to previously reported DPRK-affiliated threat actor campaigns, they carried out a more thorough investigation, which revealed a larger intrusion than the compromised organisation was aware of. That investigation also revealed that the malware implanted in NPO’s system was ‘OpenCarrot’.
SentinelLabs’ assessment shows that the cluster of infrastructure became active in November 2021 but was then immediately paused on the same day NPO discovered the intrusion, in May 2022. The finding suggests that the campaign was closely monitored by its operators.
In their conclusion, they attribute the intrusion, with a high level of confidence, to threat actors independently associated with North Korea. “Based on our assessment, this incident stands as a compelling illustration of North Korea’s proactive measures to covertly advance their missile development objectives, as evidenced by the direct compromise of a Russian defence-industrial base organisation.” Threat actors now increasingly undertake a diverse range of campaigns motivated by various factors, and it is more crucial than ever to address and mitigate this threat with vigilance and a strategic response.
Source: Bleeping Computer
Source of the source: Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company – SentinelOne