North Korean hackers breached at least two South Korean microchip equipment companies in recent months, stealing product design drawings and facility site photos, according to South Korea’s spy agency. The National Intelligence Service (NIS) did not disclose the names of the victims but said that hackers used living-off-the-land techniques to attack them. This approach involves using tools already present in the targeted system, rather than external malicious software, making such attacks harder to detect. In the recent campaign, the attackers breached servers used for managing business documents, NIS said. The agency did not specify the vulnerabilities that allowed for the attacks. One incident occurred in December, the other in February, NIS said. The agency believes that North Korea may be preparing to produce its own semiconductors due to difficulties in procuring them following global sanctions over its weapons programs. During Russia's war with Ukraine, North Korea is reportedly helping the Kremlin by shipping artillery shells and missiles to Russia in exchange for food, raw materials and parts used in weapons manufacturing. South Korea's semiconductor industry is an attractive target for hackers. Its chip sector accounts for about 16% of total exports. Recently, the country announced plans to establish a $470 billion chipmaking cluster, the world’s largest, near Seoul. In cooperation with private companies like Samsung Electronics and SK Hynix, South Korea plans to build 13 new chip factories and three research facilities, in addition to the existing 21 microchip manufacturing plants. North Korea poses a constant threat to its democratic neighbor, including in cyberspace. In December, for example, a suspected state-sponsored group known as ScarCruft targeted experts in North Korean affairs from South Korea’s academic sector, as well as a news organization focused on the north. Earlier in January, South Korean President Yoon Suk Yeol warned that North Korea could stage provocations, such as armed actions near the shared border, drone intrusions, cyberattacks, or spreading fake news to interfere in April's parliamentary elections. “The North Korean regime is going through fire and water solely for the sake of maintaining its hereditary totalitarian regime, while blatantly ignoring international law and U.N. Security Council resolutions by trading arms with Russia," Yoon said. Another big player in the semiconductor market, Taiwan, has seen companies hit by alleged Chinese spying and ransomware attacks.
Get more insights with the
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.