North Korean hackers hacked the Russian missile manufacturer’s network for at least five months last year, Reuters reported on Monday. The victim of hackers from groups nicknamed ScarCruft and Lazarus fell NPO Mash (Scientific and Production Union of Machine Building) based in Rieutov near Moscow, the agency reported.
In the months following the digital hack, Pyongyang announced several advances in its banned ballistic missile program, but it’s not clear if this was related to the hack, Reuters noted. However, experts say the incident shows how an isolated country is targeting even its allies to acquire critical technologies.
The Russian company is one of the pioneers in the development of hypersonic missiles, satellite technologies and newer generation ballistic weapons.
“These are three areas of keen interest to North Korea since it embarked on a mission to create an intercontinental ballistic missile (ICBM) capable of striking continental United States” – emphasizes the agency.
According to specialists, the hack started around the end of 2021 and lasted until May 2022, when, according to internal company communications analyzed by Reuters, IT engineers detected hacker activity.
Neither NPO Mash, nor the embassy Russia in Washington did not respond to Reuters requests for comment.
According to Tom Hegel, a security expert at the American company SentinelOne, hackers broke into the company’s IT environment, which gave them the ability to read e-mail and obtain data. Experts believe that he is behind the hack North Koreabecause hackers used previously known Korean malware and infrastructure for it.
The Russian company would be a valuable asset for North Korea because it is Russia’s leading designer and manufacturer of missiles, Markus Schiller, a European missile expert, told the news agency. “You can learn a lot from them,” he added.
Another area of interest for Korean hackers could be fuel production, the agency believes, recalling that last month North Korea conducted a test of a solid-propellant Hwasong-18 missile. Powering the missiles with solid fuel, explains Reuters, could allow missiles to be deployed more quickly during war because it does not require refueling them at the launch pad. As a result, the missiles are harder to target and destroy before launch.
NPO Masz produces e.g. SS-19 that is refueled at the factory and sealed. “It’s hard to do that because rocket propellant, especially the oxidizer, is very corrosive,” said Jeffrey Lewis, a scientist specializing in rocket development at the James Martin Center for Nonproliferation Studies. “At the end of 2021, North Korea announced that it was using the same process,” he noted.
In his opinion, among the areas NPO Mash deals with that would be of interest to North Korea, “solid fuels would be at the top of the list.”
Main photo source: PAP/EPA/KCNA