This embarrassing mistake betrayed North Korean hacking

Hackers from the infamous Lazarus Group are said to be behind a series of espionage attacks on European and Asian companies in the energy, chemical, defense and healthcare sectors. This is reported by the Finnish security company WithSecure.

The Lazarus Group is considered one of the most professional and largest hacking groups in the world. She is said to belong to the North Korean secret service and has been known to security researchers for years.

However, it is usually not possible to prove or even attribute certain attacks to the group with certainty. The fact that the WithSecure researchers were able to do this – in IT security this is called attribution – is due to a security flaw in the attacks. This is very unusual for alleged state hacking groups like Lazarus.

Telltale IP address

One of the more glaring clues was that the hackers actually used a North Korean IP address for a short time — fewer than 1,000 in all. According to the researchers, this is likely due to carelessness on the part of one of the hackers.

According to WithSecure, the hackers specifically targeted and spied on a medical industry company, a manufacturer of equipment for the energy, research, defense and medical industries, and a chemical research department at a leading university.

As part of this discovery, WithSecure identified a number of the group’s new tactics. Nevertheless, the error is not a reason to declare all-clear. Groups like Lazarus are still very professional and flexible opponents.

Sources

(t-online/dsc)