
Kimsuky (hacker group)

Company

2020: Attack on Russian military-industrial complex enterprises

On October 19, 2020, it became known that hackers had attacked military and industrial enterprises in Russia. In the spring, the North Korean cybercriminal group Kimsuky carried out malicious mailings, including through social networks, to obtain confidential information from space and defense companies, Anastasia Tikhonova, head of the complex threat research department at Group-IB, told Kommersant.

According to the Telegram channel SecAtor, in April 2020 Kimsuky attacked Rostec structures. The state corporation confirmed only a growth in cyber attacks over the last half year, but said that most of them were poorly prepared.

North Korean hackers carried out attacks on Russian military-industrial complex enterprises

According to Tikhonova, the hackers used targeted phishing. In one of the attacks, they created a fake login page for the Outlook mail service used by the staff of a Turkish military equipment manufacturer, in order to obtain their credentials for logging in to work mail.

As Tikhonova reported, the Kimsuky group, like the better-known North Korean hacker group Lazarus, engages in cyber espionage. The group is also known under the names Velvet Chollima and Black Banshee. Since 2010, Kimsuky hackers attacked targets in South Korea, but the geography of their attacks later expanded. Presumably, this group is behind attacks on military organizations that produce artillery equipment and armored vehicles in Russia, Ukraine, Slovakia, Turkey and South Korea.

Denis Legezo, a cybersecurity expert at Kaspersky Lab, says that some fraudulent emails from North Korean groups contain information about vacancies in the space and defense industries. He believes this shows the hackers' interest in industrial espionage.[1]

Notes