North Korean Hackers Targeted US Military

North Korea continues to ramp up tensions between themselves and the United States. Now there are reports stating that the rogue regime is using hackers to target US military contractors in July – specifically those working in missile defense in South Korea.

According to the report, the organization responsible for the hacking, has collaborated with Pyongyang in the past. The Lazarus Group is the same North Korea-linked organization that hacked Sony Pictures during the release of the Seth Rogan comedy The Interview in 2014. Attacks were threatened at movie theatres screening the film, which comedically mocked Kim Jong-Un, forcing the cinemas to pull the movie citing patron safety.

Palo Alto Networks, the cyber security group, observed that the hackers were using almost the exact same methods throughout July of this year as used in infamous earlier attacks by the Lazarus Group. Palo Alto also noticed that over the course of North Korea’s two most recent missile tests (the first on July 4 and the second on July 28) the Lazarus Group sent job ads in emails full of malware to employees with U.S. military contractors. One of the fake job ads placed was for a management position involving the U.S.-made THAAD missile defense system.

Developed by the U.S., the THAAD is a land-based anti-ballistic missile system that is supposedly capable of shooting down missiles inside or just beyond the earth’s atmosphere. It was deployed in South Korea as a response to the ever increasingly expanding tensions between Washington and Pyongyang in May, but the tests so far, have been less than stellar according to many reports.

The weaponized documents have been hosted on systems which we believe have likely been compromised and repurposed. Two of the URL paths used to host the weaponized documents on the compromised systems are exact matches (event/careers/jobs/description/docs). The payloads delivered by the weaponized documents are extremely similar to the payloads delivered by weaponized documents detailed in our April 2017 report on the threat group’s activity. –Palo Alto Networks

President Donald Trump has said that Americans should not fear the rogue regime. “The people of this country should be very comfortable, and I will tell you this: If North Korea does anything in terms of even thinking about attack, of anybody that we love or we represent or our allies or us, they can be very, very nervous,” Trump said. “I’ll tell you why, and they should be very nervous. Because things will happen to them like they never thought possible,” the president added.

If the less-than-ideal performance of the THAAD missile defense system didn’t quite comfort fears, perhaps Trump’s words will. And if they didn’t, you aren’t alone.