The North Korean hacker group “Kimsuky” is reportedly carrying out attacks against military and industrial entities inside Russia, cybersecurity experts told the newspaper Kommersant.
In the spring of this year, Kimsuky hackers sent malicious emails seeking confidential information at aerospace and defense companies in Russia, says Anastasia Tikhonova, the head of the information security company “Group-IB.” According to the Telegram channel SecAtor, the same North Korean hacker group targeted the Russian state-owned defense corporation “Rostec” in April 2020.
“RT-Inform,” a Rostec cybersecurity subsidiary, neither confirms nor denies these reports, though spokespeople acknowledged that cyberattacks against Rostec assets spiked between April and September. Most of these attacks were hastily executed and relatively harmless, but the hackers may have been merely testing the waters, says RT-Inform.
The “Kimsuky” advanced persistent threat, also known as “Velvet Chollima” and “Black Banshee,” is associated with the North Korean authorities. Since 2010, the group has sent phishing emails to organizations in South Korea, Ukraine, Slovakia, Turkey, Russia, and the United States. Most infamously, in 2014 Kimsuky hacked the computer network of a South Korean company operating 23 nuclear reactors, stealing confidential data and leaking it on the Twitter account of “fighters against nuclear power from the Hawaiian islands,” cybersecurity experts told Kommersant.