Previously obscure N. Korean hacker group is now stronger than ever, say experts

A little-known North Korean cyber espionage group has widened its scope and increased its sophistication in the past year, and now threatens targets worldwide, according to a new report by a leading cyber security firm. Since 2010, most cyber-attacks by North Korean hackers have been attributed to a group dubbed “Lazarus” by cyber security specialists. The Lazarus Group is thought to have perpetrated the infamous Sony Pictures attacks in 2014, and the worldwide wave of ransomware attacks dubbed WannaCry by experts in 2017. It is widely believed that the Lazarus Group operates on behalf of the government of North Korea. Most of its operations constitute destructive attacks —mostly cyber sabotage— and financial criminal activity.

For the past six years, a smaller hacker element within the Lazarus Group has engaged in intelligence collection and cyber espionage. Cyber security researchers have dubbed this sub-element “APT37”, “ScarCruft” or “Group123”. Historically, APT37 has focused on civilian and military targets with links to the South Korean government. The hacker group has also targeted human rights groups and individual North Korean defectors living in South Korea. However, a new report warns that APT37 has significantly expanded its activities in terms of both scope and sophistication in the past year. The report, published on Tuesday by the cyber security firm FireEye, suggests that APT37 has recently struck at targets in countries like Vietnam and Japan, and that its activities have disrupted telecommunications networks and commercial hubs in the Middle East.

According to the FireEye report, aerospace companies, financial institutions and telecommunications service providers in at least three continents have been targeted by APT37 in recent months. What is even more worrying, says the report, is that the hacker group is now capable of exploiting so-called “zero-day” vulnerabilities. These are software bugs and glitches in commonly used software, which have not been detected by software providers and are therefore exploitable by malicious hackers. FireEye said in its report that the North Korean regime will be tempted to use APT37 increasingly often “in previously unfamiliar roles and regions”, as cyber security experts are catching up with some of Pyongyang’s more visible hacker groups, such as Lazarus.

Author: Joseph Fitsanakis | Date: 21 February 2018 | Permalink

NATO missile system hacked remotely by ‘foreign source’

A Patriot missile system stationed in Turkey by the North Atlantic Treaty Organization (NATO) was allegedly hacked by a remote source, according to reports. German magazine Behörden Spiegel said this week that the hacked missile system is owned and operated by the German Army. It was deployed along the Turkish-Syrian border in early 2013, after Ankara requested NATO assistance in protecting its territory from a possible spillover of the civil war in neighboring Syria.

The Patriot surface-to-air missile system was initially built for the United States Army by American defense contractor Raytheon in the 1980s, but has since been sold to many of Washington’s NATO allies, including Germany. The Patriot system consists of stand-alone batteries, each composed of six launchers and two radars. The radars, which are aimed at spotting and targeting incoming missiles, communicate with the launchers via a computer system. The latter was hijacked for a brief period of time by an unidentified hacker, said Behörden Spiegel, adding that the perpetrators of the electronic attack managed to get the missile system to “perform inexplicable commands”. The magazine gave no further details.

Access to the Patriot missile system could theoretically be gained through the computer link that connects the missiles with the battery’s control system, or through the computer chip that guides the missiles once they are launched. Hacking any one of these nodes could potentially allow a perpetrator to disable the system’s interception capabilities by disorienting its radars. Alternatively, a hacker could hypothetically prompt the system to fire its missiles at an unauthorized target. According to Behörden Spiegel, the attack on the missile system could not have come about by accident; it was a concentrated effort aimed at either taking control of the missiles or compromising the battery’s operating system. Moreover, the sophisticated nature of such an attack on a well-protected military system presupposes the availability of infrastructural and monetary resources that only nation-states possess, said the magazine.

Shortly after the Behörden Spiegel article was published, the German Federal Ministry of Defense denied that Patriot missile systems under its command could be hacked. A Ministry spokesman told German newspaper Die Welt that the Ministry was not aware of any such incident having taken place in Turkey or elsewhere.

Author: Joseph Fitsanakis | Date: 10 July 2015 | Permalink: https://intelnews.org/2015/07/10/01-1732/