North Korean ‘Sparkling Pisces’ Hackers Target Government & Research Institutions

Diehl Defence, a German company, has provided anti-aircraft missiles that have been highly effective in defending Kyiv against Russian attacks. According to Kyiv Mayor Vitali Klitschko, every missile launched has successfully intercepted its target. 

The German government is now planning to incorporate Diehl’s technology into its own defense systems by equipping three new government aircraft with a missile defense system, which indicates the confidence and trust placed in Diehl Defence’s capabilities in the field of air defense.

North Korean hackers, operating under the moniker “Kimsuky,” attempted to infiltrate a German arms company to acquire confidential information regarding its military technology.

These hackers, affiliated with the North Korean military intelligence service, employed sophisticated tactics such as sending out phishing emails containing malicious software, attempting to steal passwords, and disguising their activities to evade detection. 

Over the course of several months, this operation has brought to light the persistent danger posed by state-sponsored cyberattacks that target sensitive military technology.

IT security experts from Mandiant identified the “Kimsuky” hacking group as early as the first quarter of 2024 by observing the group targeting specific zip codes and searching for information on registering phone numbers in Germany.

In mid-April, “Kimsuky” established a website using a misspelled version of a defense company’s name, “Dihl Defence.” The misspelling provided clues about the intended targets and allowed security experts to gain insights into the group’s activities and potential objectives.

Hackers distributed fake job offers, enticing victims with high-paying positions. Upon opening the attached document, unsuspecting individuals were redirected to a malicious server disguised as a legitimate company. 

This server covertly installed spyware onto victims’ devices, capable of capturing screenshots, accessing files, and downloading additional malware. To further their malicious intent, the hackers established a fraudulent login portal, mimicking a well-known telecommunications provider. 

By enticing users to enter their credentials on this fake platform, the hackers successfully acquired sensitive login information, compromising the victims’ online security.

According to ZDF, Diehl Defence has declined to comment on recent cyberattacks targeting German nuclear weapons researchers, a security think tank, and other arms companies. 

The attacks, believed to be perpetrated by the North Korean hacking group Kimsuky, are part of a broader campaign aimed at obtaining sensitive information. 

The Federal Office for Information Security has confirmed the existence of the campaign, which has been ongoing since May 2024. It highlights the continuing threat posed by North Korea’s cyber activities and the need for increased vigilance in protecting critical infrastructure and sensitive data.


Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Press. She is covering various cyber security incidents happening in the Cyber Space.
