Israeli officials said on Wednesday that they stopped efforts by a North Korean hacking group to steal classified Israeli defense industry information. Cybersecurity experts separately warned that the cyber attack may have actually succeeded.
The New York Times reported Israel’s Defense Ministry stopped the hacking attempts “in real time” and successfully protected Israeli computers from “harm or disruption.”
In contrast to the Israeli Defense Ministry claims, security researchers at the cybersecurity firm ClearSky told Times reporters that the attack penetrated the computer systems and the hackers likely stole a large amount of classified data. ClearSky was the first to raise the issue about the hacking efforts.
The potential theft of classified Israeli defense information could raise further security concerns for Israel if the North Korean hackers were to share the stolen information with their ally Iran.
The North Korean hacker group, known by cybersecurity experts as the Lazarus Group, reportedly initiated the hacking effort through a LinkedIn message last June, ClearSky researchers told the Times. The hacker group reportedly posed as headhunters from different U.S. defense contractors in LinkedIn messages to Israeli defense company employees. In at least one case, the hackers faked the identity of a real Boeing official, Dana Lopp, to initiate contact with an Israeli engineer employed by a government-owned defense company.
After establishing contact on LinkedIn, the hacker group actually furthered their credibility with their victims through a phone call. Those who received the phone call said the voice on the other line spoke English fluently and without any accent and sounded credible. Israeli officials told the Times they believe the Lazarus Group has outsourced some of their work to native English speakers.
The Lazarus Group is believed to have been behind a similar effort to infiltrate Israeli defense networks in 2019; however, that attempt was not successful, as the victims more easily identified emails that attempted to communicate with them in broken Hebrew. Under the new hacking effort, the North Korean hackers reportedly switched to English and instead initiated communications through sites like LinkedIn and WhatsApp.
After establishing contact, the hackers then sent their targets a job application document that included their list of job search criteria. The document reportedly contained hidden spyware that, when opened, would infiltrate the victims' computers and burrow further into Israeli defense industry networks.
ClearSky researchers said the hacking efforts “succeeded, in our assessment, to infect several dozen companies and organizations in Israel” and around the world. In at least two cases, the North Korean hackers reportedly installed hacking tools, known as remote access trojans, on Israeli networks.
The Lazarus Group has also targeted other countries and dozens of companies. The group previously targeted more than 100 U.S. companies as President Donald Trump and North Korean leader Kim Jong Un met in February of 2019. The hacker group reportedly targeted banks, utilities and oil and gas companies during the 2019 cyber attacks.
Prior to that 2019 hacking effort, the Lazarus Group also tried to hack U.S. defense industry companies, including efforts to steal information on the Terminal High Altitude Area Defense (THAAD) missile systems. The THAAD missile systems have been deployed in Israel as well as in South Korea.