North Korean Hackers Compromise Russian Missile Maker
Security researchers have discovered a likely North Korean cyber-espionage campaign targeting the IT network of a Russian manufacturer of intercontinental ballistic missiles and aerospace equipment.
Leaked emails from NPO Mashinostroyeniya, which is sanctioned by the US for its role in Russia’s invasion of Ukraine, helped SentinelLabs researchers work out what had happened.
“Internal NPO Mashinostroyeniya emails show IT staff exchanged discussions highlighting questionable communications between specific processes and unknown external infrastructure,” it explained in a blog post.
“The same day, the NPO Mashinostroyeniya staff also identified a suspicious DLL file present in different internal systems. The month following the intrusion, NPO Mashinostroyeniya engaged with their AV solution’s support staff to determine why this and other activity was not detected.”
Although SentinelLabs is still unclear about the initial access vector, it claimed that North Korean actors compromised an email server at the firm and deployed a Windows backdoor dubbed “OpenCarrot” to its network.
The threat intelligence vendor attributed the attack to ScarCruft (APT37), although the OpenCarrot backdoor is more commonly associated with another Pyongyang group: Lazarus.
The backdoor features a wide range of functionality to support reconnaissance, file system and process manipulation, and reconfiguration/connectivity, the report claimed.
“As a feature-rich, configurable, and versatile backdoor, the malware is a strong enabler of the group’s operations. With a wide range of supported functionality, OpenCarrot enables full compromise of infected machines, as well as the coordination of multiple infections across a local network,” SentinelLabs explained.
“The OpenCarrot variant we analyzed supports proxying C2 communication through the internal network hosts and directly to the external server, which supports the strong possibility of a network-wide compromise.”
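The two observations NPO Mashinostroyeniya's IT staff made (processes talking to unknown external infrastructure, and the same DLL turning up on several internal systems) and the internal C2 proxying SentinelLabs describes are all things a defender can hunt for in endpoint and network telemetry. The following Python is an added illustration, not code from SentinelLabs or from the article: it correlates constructed sample records (hosts, process names, addresses and hashes are all made up, not real indicators) to surface those three patterns.

```python
"""Hunt for three patterns mentioned in the article, over constructed sample data:
1. processes communicating with external hosts that are not on an allowlist,
2. one DLL (by hash) present on several internal systems,
3. internal hosts that receive connections from other internal hosts and also
   reach an unexpected external destination (the shape of an internal C2 relay).
All hosts, addresses, paths and hashes below are constructed placeholders."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Address ranges treated as internal (assumption for this example).
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# External destinations the organisation expects traffic to (constructed).
ALLOWED_EXTERNAL = {"203.0.113.10"}

# (host, process, src_ip, dst_ip, dst_port): constructed connection records.
CONNECTIONS = [
    ("ws-01", "svchost.exe", "10.0.1.11", "203.0.113.10", 443),
    ("ws-01", "rundll32.exe", "10.0.1.11", "10.0.1.50", 8443),
    ("ws-02", "rundll32.exe", "10.0.1.12", "10.0.1.50", 8443),
    ("srv-50", "rundll32.exe", "10.0.1.50", "198.51.100.7", 443),
    ("ws-03", "outlook.exe", "10.0.1.13", "10.0.1.2", 25),
]

# (host, path, sha256): constructed DLL inventory; hashes are placeholders.
DLL_INVENTORY = [
    ("ws-01", r"C:\Windows\Temp\update.dll", "aaaa0001"),
    ("ws-02", r"C:\Users\Public\update.dll", "aaaa0001"),
    ("srv-50", r"C:\ProgramData\update.dll", "aaaa0001"),
    ("ws-03", r"C:\Windows\System32\kernel32.dll", "bbbb0002"),
]


def is_internal(ip: str) -> bool:
    """True when the address falls inside one of the internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def unexpected_external(conns):
    """(host, process, destination) triples for traffic to external hosts
    that are not on the allowlist."""
    return sorted({(host, proc, dst) for host, proc, _src, dst, _port in conns
                   if not is_internal(dst) and dst not in ALLOWED_EXTERNAL})


def shared_dlls(inventory, min_hosts=2):
    """DLL hashes seen on at least min_hosts distinct hosts, with the hosts."""
    hosts_by_hash = defaultdict(set)
    for host, _path, sha in inventory:
        hosts_by_hash[sha].add(host)
    return {sha: sorted(hosts) for sha, hosts in hosts_by_hash.items()
            if len(hosts) >= min_hosts}


def possible_relays(conns):
    """Internal IPs that accept connections from other internal IPs and also
    connect out to an unexpected external destination."""
    inbound = defaultdict(set)   # dst_ip -> internal sources connecting to it
    ext_out = defaultdict(set)   # src_ip -> unexpected external destinations
    for _host, _proc, src, dst, _port in conns:
        if is_internal(src) and is_internal(dst) and src != dst:
            inbound[dst].add(src)
        elif is_internal(src) and not is_internal(dst) and dst not in ALLOWED_EXTERNAL:
            ext_out[src].add(dst)
    return sorted((ip, sorted(inbound[ip]), sorted(ext_out[ip]))
                  for ip in inbound if ip in ext_out)


if __name__ == "__main__":
    print("unexpected external:", unexpected_external(CONNECTIONS))
    print("shared DLLs:", shared_dlls(DLL_INVENTORY))
    print("possible relays:", possible_relays(CONNECTIONS))
```

On the sample data, only the host at 10.0.1.50 both receives connections from two workstations and talks to an address outside the allowlist, and one DLL hash is present on three systems; each of those is a lead for the kind of follow-up the article says the company's IT staff undertook, not proof of compromise on its own.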
It’s no secret that the Kim Jong-un regime is developing a nuclear and missile program, using billions stolen from crypto firms and banks over the years. It follows that the hermit nation would also use cyber-espionage to access vital intellectual property in order to advance its plans.