An elite group of North Korean hackers successfully infiltrated the computer networks of a major Russian missile developer, NPO Mashinostroyeniya, located in Reutov, on the outskirts of Moscow. The cyber-espionage operation lasted for at least five months, during which the hackers discreetly installed digital backdoors into the company’s systems.
The attack, linked to North Korean government-backed cyber-espionage teams known as ScarCruft and Lazarus, aimed at obtaining critical missile technologies from NPO Mash. The company is renowned for its work in developing hypersonic missiles, satellite technologies, and newer generation ballistic armaments – areas of great interest to North Korea as it seeks to develop an Intercontinental Ballistic Missile (ICBM) capable of striking the mainland United States.
The hackers gained access to NPO Mash’s IT environment, enabling them to intercept email communications, move across networks, and extract data. SentinelOne, a U.S. cybersecurity firm, first discovered the breach and confirmed North Korea’s involvement due to the reuse of previously known malware and malicious infrastructure used in other intrusions.
The intrusion began around late 2021 and persisted until May 2022, when NPO Mash’s IT engineers detected the suspicious activity. While the extent of data theft remains unclear, experts believe North Korea’s interest in the Zircon hypersonic missile suggests they sought information on its design and manufacturing process.
Internal communications accidentally leaked by an NPO Mash IT staffer provided a glimpse into the company's compromised state, offering a rare look at clandestine cyber operations that usually remain concealed. Nicholas Weaver and Matt Tait, independent computer security experts, verified the authenticity of the exposed email content.
NPO Mash’s strategic importance to Russia, coupled with its history as a premier satellite maker and cruise missile provider, makes it a prime target for cyber-espionage. However, experts caution that possessing plans alone may not equate to the ability to replicate advanced missile technologies.
The incident sheds light on North Korea’s willingness to target even its allies, such as Russia, in pursuit of critical technologies. It also highlights the sophistication and reach of North Korean hacking capabilities, revealing their potential to breach highly sensitive and secured networks. As investigations continue, the global cybersecurity community remains vigilant against future cyber threats from state-sponsored actors like North Korea.