Two South Korean companies fell victim to cyberattacks orchestrated by North Korea

The NIS (National Intelligence Service) of South Korea issued warnings that North Korean hackers continued their cyber espionage with their latest act of targeting the domestic semiconductor industry.

Sophisticated Tactics and Techniques

Based on the NIS, the operations has been on the upswing since the second half of 2023. Mainly exploiting internet-exposed servers that exposed vulnerabilities exploitation for initial access to the corporate networks.

Once established, these previously unidentified attackers systematically present their craft of data theft from company files that contain secret documents and information.

They often leverage local cyber resources such as malicious programs in games and legal software tools for the evasion of detection by security systems.

Indeed, there was an intensification in cyberactivities, with an attack on two distinct entities whose attacks were reported in December 2023 and an attack in February 2024.

Via this cyber-attacks, the hackers targeted the Cisco Systems Inc and FireEye servers that store the company configurations and security policies.

This resulted into compromising the product design drawings and facility site photos; among many other confidential data.

Implications for South Korea’s Semiconductor Industry

The victims of the report remains anonymous but what is important to the public to note is South Korea provides refuge to some of the world’s biggest semiconductor companies by industry share such as Korea’s Samsung Electronics and SK Hynix.

Combining the market shares of Samsung Electronics and SK Hynix, they have substantial presence in the global DRAM and NAND flash industries, selling to other leading global technology companies.

The attacks are believed to be designed to pick up vital secret material that may help North Korean to develop its semiconductor technology and partly fulfill its military supply needs.

NIS Response and Recommendations

In response to threats, the NIS informed the affected companies and gave advice on detecting and resolving such attacks.

“In relation to this hacking trend, the National Intelligence Service believes that North Korea may have started to prepare for its own semiconductor production due to difficulties in obtaining semiconductors because of sanctions, which affect the development of weapons such as satellites and missiles.” – NIS.

By highlighting the necessity of applying security updates, establishing tight access rules for internet-exposed servers, and establishing strong authentication processes for admins, NIS stresses the need for comprehensive measures before cyber intrusions are made through compromised privileged accounts.

North Korean hackers have had a record of recruiting the cyber espionage campaigns against South Korea for the purpose of collecting the data for their own domestic programs and agendas.

Following this, the US government initiated sanctions on the DPRK hacking group known as ‘Kimsuky,’ long associated with hacking group behind breaches of the South Korean nuclear research center, Korea Atomic Energy Research Institute (KAERI).