A US-based security firm confirmed that a group of North Korean hackers breached the networks of a Russian missile developer.
SentinelOne, a cybersecurity firm, wrote on its blog on Monday, local time, that it has identified traces of two groups linked to North Korea infiltrating the email servers and internal communication networks of Mashinostroyeniya, a Russian hypersonic missile design company, for more than five months starting in late 2021.
The two hacker groups, called ScarCruft and Lazarus, are believed to have created a backdoor into the company’s internal communications network in Reutov, a city near the Russian capital, in order to steal information.
ScarCruft and Lazarus are known to be North Korean government-backed hacker groups.
“We cannot determine the potential nature of the relationship between the two threat actors,” SentinelOne announced, noting that “tasking deemed this target important enough to assign to multiple independent threat actors.”
It is unusual for a North Korean hacker group’s attempts to hack an ally like Russia to become public.
NPO Mashinostroyeniya, a Soviet-era company founded in 1944 that specializes in rocket design, was responsible for the design of Russia’s recently fielded hypersonic missiles.
On Feb. 20, 2019, Russian President Vladimir Putin unveiled the “Zircon,” a hypersonic missile designed by the company, describing it as a powerful new weapon capable of flying at speeds up to nine times the speed of sound.
The Russian Ministry of Defense conducted several test launches of Zircon through 2022. It was then deployed to the country’s fleet in the Atlantic in January.
The company’s hypersonic missile technology, satellite technology, and next-generation ballistic weapons technology are of great interest to North Korea, which is actively pursuing the development of intercontinental ballistic missiles, Reuters noted.
The hack came to light when an information technology officer at NPO Mashinostroyeniya, commonly known as NPO Mash, accidentally posted the company’s internal communications on a portal for exchanging information among security professionals.
After thoroughly analyzing the leaked communications, researchers at SentinelOne were able to identify a wide range of hacking activity that NPO Mash did not appear to have fully recognized.
Tom Hegel, a researcher at SentinelOne, said the hackers were able to penetrate deep enough to read emails, navigate internal communications networks, and extract data.
“These findings provide rare insight into the clandestine cyber operations that traditionally remain concealed from public scrutiny or are simply never caught by such victims,” he told Reuters.
Reuters reported that Europe-based missile expert Markus Schiller pointed out that even if North Korea has gained information on the Zircon missile, it does not mean it has gained the technology to develop a hypersonic missile itself.
“Getting plans won't help you much in building these things, there is a lot more to it than some drawings,” he said.
However, he added that the company is Russia’s top missile designer and producer, making it a prime target for hacking.
By Shin Gi-sub, senior staff writer
Please direct questions or comments to [english@hani.co.kr]