North Korea suspected of hacking South Korean defense contractor

Officials are not certain DPRK is behind the attacks, but they won't rule it out either

north korea 970x546

North Korean leader Kim Jong Un

Credit: REUTERS/North Korea's Korean Central News Agency (KCNA)

On Tuesday, South Korean officials announced an investigation into a security incident at Hanjin Heavy Industries & Construction Co., one of the key contractors involved with building out the nation's naval fleet.

North Korea is their top suspect, despite a lack of evidence.

According to local media reports, first published by Yonhap, South Korea's Defense Security Command released a statement that they've opened an investigation into the April 20 hacking at Hanjin.

"After identifying signs that Hanjin Heavy Industries may have been hacked on April 20, the Defense Security Command is currently leading a security investigation into whether any military secrets were leaked and whether North Korea was involved," official sources told the news service.

Hanjin is responsible for the development of some of the largest frigates and amphibious assault vessels used by South Korea's Navy, including the ROKS Dokdo. At this stage of the investigation, officials said there isn't any concrete evidence proving DPRK was behind the attack, but they're not going to rule out the possibility.

"North Korea could have been involved, but we are not absolutely sure at this stage," the official said.

The naming of North Korea as a suspect in a recent DIB hacking incident has peculiar timing.

For the last week, Salted Hash has had sources close to active IR investigations discussing artifacts and IOCs that suggest Lazarus Group has been active recently.

Lazarus Group is the name given to a group of actors, which many believe to be responsible for a number of attacks over the years, including the hack at Sony Pictures and attacks against other DIB contractors in South Korea.

The group is believed to have strong ties to DPRK, but others believe they're officially sanctioned by the rogue nation directly. There is nothing solid to suggest the IR investigations and the Hanjin attack are related, but the timing is certainly odd.

DPRK officials have said this latest investigation is nothing more than a political play, calling the reported attacks at Hanjin fabricated.

Insider: These ransomware situations can result in colossal outcomes
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies