The Kimsuky group is hunting for Germany's military technology.
North Korean hackers working for government agencies carried out a cyberattack on the German defense company Diehl Defense, known for the production of Iris-T guided missiles. The "Kimsuky" hacker group, which has been active lately, has attempted to hack into the company's systems using fake job offers.
The attack was organized as follows: the attackers sent emails to Diehl Defense employees with fake documents, which allegedly contained attractive vacancies from large American defense companies. The emails contained PDFs that looked like official documents. The fraudsters hoped that when the fake PDF file was opened, the victim's computer would be infected with malware, which would allow spying on the user.
To hide their presence, the hackers used a server whose name contained the word "Überlingen", which coincides with the name of the city where one of the offices of Diehl Defence on Lake Constance is located. In addition, fake login pages made in German, which copied the interfaces of popular services such as Telekom and GMX, were found on the server. In this way, the hackers hoped to trick users into entering their logins and passwords in order to gain access to their accounts.
Mandiant North Korea expert Michael Barnhart noted that the hackers carefully studied German realities before carrying out the attack. Analysis of their search queries confirms targeted preparation.
Diehl Defense produces, in particular, Iris-T guided missiles, which are equipped with the latest South Korean KF-21 fighters. In the spring, the company announced a successful test launch of the missile. The company declined to comment on the specific details of the incident, noting only that all measures are being taken to ensure safety.
A spokesman for the German Federal Office for Information Security (BSI) said that the servers used for the attack were identified back in May. According to BSI, the attack on Diehl Defence is not an isolated incident. As part of the campaign of the group "Kimsuky", also known as "APT43", other organizations in Germany were also affected.
Source
North Korean hackers working for government agencies carried out a cyberattack on the German defense company Diehl Defense, known for the production of Iris-T guided missiles. The "Kimsuky" hacker group, which has been active lately, has attempted to hack into the company's systems using fake job offers.
The attack was organized as follows: the attackers sent emails to Diehl Defense employees with fake documents, which allegedly contained attractive vacancies from large American defense companies. The emails contained PDFs that looked like official documents. The fraudsters hoped that when the fake PDF file was opened, the victim's computer would be infected with malware, which would allow spying on the user.
To hide their presence, the hackers used a server whose name contained the word "Überlingen", which coincides with the name of the city where one of the offices of Diehl Defence on Lake Constance is located. In addition, fake login pages made in German, which copied the interfaces of popular services such as Telekom and GMX, were found on the server. In this way, the hackers hoped to trick users into entering their logins and passwords in order to gain access to their accounts.
Mandiant North Korea expert Michael Barnhart noted that the hackers carefully studied German realities before carrying out the attack. Analysis of their search queries confirms targeted preparation.
Diehl Defense produces, in particular, Iris-T guided missiles, which are equipped with the latest South Korean KF-21 fighters. In the spring, the company announced a successful test launch of the missile. The company declined to comment on the specific details of the incident, noting only that all measures are being taken to ensure safety.
A spokesman for the German Federal Office for Information Security (BSI) said that the servers used for the attack were identified back in May. According to BSI, the attack on Diehl Defence is not an isolated incident. As part of the campaign of the group "Kimsuky", also known as "APT43", other organizations in Germany were also affected.
Source
