Hackers in North Korea have sought to launch cyberattacks against semiconductor firms in South Korea “from the second half of last year until recently,” South Korea’s National Intelligence Service (NIS) said on March 4. The hacking entities breached at least two firms, specifically targeting semiconductor companies “whose servers were connected to the internet and exposed vulnerabilities.”
Last December, threat actors targeted two companies—which the agency did not name—by hacking one company’s “configuration management server” and another’s “security policy server.” The NIS said the hackers also stole “product design drawings” and “facility site photos.”
North Korea could be eyeing chips to help bolster its military offerings amidst sanctions. “We believe that North Korea might possibly be preparing to produce its own semiconductors in the face of difficulties in procuring them due to sanctions,” the NIS said in its statement, according to the BBC; the agency also noted the increased demand “due to the development of weapons such as satellites and missiles.”
The intelligence agency said these North Korean hacking groups primarily employed Living off the Land (LotL) techniques—strategies that threat actors around the world, such as Volt Typhoon and Sandworm have employed in a variety of ways. LOTL techniques are not “easily visible to attackers,” thus making their detection more difficult.
The NIS reminds semiconductor firms to remain vigilant amidst the spread of these North Korean hacking events.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.