According to security provider ESET, North Korean cybercriminals penetrated defense contractors across Europe.

ESET did not specify the contractors involved. According to the security provider, employees of European defense contractors were approached by fake Amazon recruiters from 2021 onwards. The fraudsters convinced employees to download malware, after which members of hacking group Lazarus gained access to the company’s systems.

In the security industry, Lazarus is known as a North Korean hacking group. Several security providers — including ESET, Rapid7 and Secureworks — claim that the group works for the North Korean regime. The American FBI holds Lazarus responsible for an attempted $1 billion bank robbery in Bangladesh.

According to ESET, members of Lazarus had access to the systems of multiple defense contractors between late 2021 and March 2022. ESET suspects that the cybercriminals were primarily seeking information. While ESET can prove that Lazarus penetrated contractors’ systems, it’s often unclear whether information was stolen.

ESET does not know why the activity stopped in March 2022. “Maybe they realized they were being followed and went back to the drawing board”, ESET Netherlands CEO Dave Maasland told local media. “We can’t rule out that they are still active. That’s the honest truth.”

Attacks across Europe

ESET collects data from companies worldwide. Its research shows that, between 2021 and March 2022, Lazarus attempted to penetrate defense contractors in France, Italy, Germany, Poland, Ukraine, Turkey, Qatar, Brazil and the Netherlands.

Some attempts were successful. According to ESET, espionage was the main objective. Some cases involve attempted theft, but no money was successfully stolen. Every incident had a similar lead-up. A fake recruiter contacted employees via LinkedIn and convinced them to download malware. According to ESET, Lazarus uses elements of legitimate recruitment campaigns to boost credibility.