A highly skilled group of North Korean hackers carried out a covert cyber-espionage operation targeting a prominent Russian missile manufacturer for an extended period last year, according to evidence analyzed by security researchers and reported by Reuters. The hackers, associated with cyber-espionage teams called ScarCruft and Lazarus, managed to implant discreet digital backdoors into the computer systems of NPO Mashinostroyeniya, a rocket design bureau located in Reutov, near Moscow.
The extent of the data breach and the specific information accessed remains unclear, and there is no conclusive evidence linking the cyber intrusion to subsequent developments in North Korea’s banned ballistic missile program. However, experts emphasize that this incident highlights North Korea’s willingness to target even its allies, such as Russia, in its pursuit of critical technologies.
NPO Mashinostroyeniya, commonly known as NPO Mash, has a significant role in the development of hypersonic missiles, satellite technologies, and newer generation ballistic armaments – areas of great interest to North Korea as it seeks to create an Intercontinental Ballistic Missile (ICBM) capable of reaching the United States mainland.
The cyber attack appears to have started in late 2021 and continued until May 2022 when IT engineers at NPO Mash detected the hackers’ presence. The hackers gained access to the company’s email traffic, navigated between networks, and extracted data. The breach came to light when an NPO Mash IT staffer accidentally leaked internal communications while trying to investigate the North Korean attack, providing insight into a company of strategic importance to Russia.
While it is uncertain whether the hackers obtained detailed capabilities of the “Zircon” hypersonic missile, experts suggest that having such information may not guarantee immediate replication, as missile development involves complex processes beyond mere blueprints. Nevertheless, NPO Mash’s position as a leading missile manufacturer makes it a valuable target for North Korea seeking to gain knowledge about missile design, production, and fueling methods.
The cyber attack on NPO Mash underscores the significance of cybersecurity for critical industries and the potential threats posed by state-sponsored hacking groups seeking to acquire sensitive technological advancements.