For a country with notoriously limited internet access, North Korea has been surprisingly aggressive with their cyberattacks over the last couple of years. Although a geopolitical storm is brewing between the United States and the Hermit Kingdom, a digital battle has already been fought for some time. Western governments and companies should brace for this cyberwar to heat up even more as the verbal threats fly.
It was reported this week that individuals involved with U.S. defense contractors were baited by Lazarus, the infamous hacker group believed to work for the North Korean authorities. This is the same group responsible for the 2014 Sony hack, a retaliation for the production of The Interview, a comedy depicting the assassination of Kim Jong-Un.
The group is also thought to be behind the WannaCry ransomware attack earlier this year. WannaCry affected over 300,000 people in 150 countries, notably by crippling the computer system of Britain’s National Health Service (NHS), causing surgery delays and emergency room shutdowns. It was the largest ransomware scheme in history, affecting banks, telecommunications companies, and a host of players in other vital sectors.
The latest hack was announced by Palo Alto Networks on Monday. They reported that weaponized Microsoft Office Documents were posted online using the exact copy of publicly available job descriptions for U.S. defense contractors and hosted on compromised systems. While it is unclear how the documents were distributed to contractors and if any were fooled by the postings, the malware was clearly targeted to those who may hold in their networks very sensitive information about U.S. military secrets and other government information.
As we have repeated many times, anyone acting as a supplier to the government or major companies is at great risk of being targeted by cybercriminals.
With the situation in North Korea escalating, companies and contractors everywhere need to take a serious look at their digital weaknesses and assess how to strengthen their cybersecurity capabilities.
The best way to do this is to use Evizone Secure Communications (ESC) and Evizone Communications Governance (ECG). Sign up for a free trial of our software and see for yourself how our closed communication and data storage system can protect your most precious information from unwanted intrusions.