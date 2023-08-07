Pyongyang is biting the hand that feeds it.



Two elite teams of North Korean hackers spent five months roaming among the servers and secrets of a Russian arms company that makes ballistic missiles and military spacecraft, a U.S.-based information security firm revealed Monday.

The government-linked cyber-spy groups, dubbed ScarCruft and Lazarus, planted digital backdoors into systems at NPO Mashinostroyeniya, a rocket design company based in Reutov, on the outskirts of Moscow, Reuters reported.

“With a high level of confidence, we attribute this intrusion to threat actors independently associated with North Korea,” SentinelOne researchers Tom Hegel and Aleksandar Milenkoski wrote.

“This incident stands as a compelling illustration of North Korea’s proactive measures to covertly advance their missile development objectives.”



It was unclear what, if anything, the hackers stole from the Russian defense firm, but news of the breach comes amid a recent failed North Korean satellite launch, Pyongyang’s ongoing development of a ballistic missile program – and a likely deal to swap artillery ammunition for Russian grain.

North Korea is in the middle of a food crisis brought on in part by its decision to close its borders to all trade during the Covid-19 pandemic.

“Food availability has likely fallen below the bare minimum with regard to human needs, and on one metric, is at its worst since the country’s famine in the 1990s,” the monitoring site 38 North said in January.

The hack at NPO Mashinostroyeniya showed Pyongyang’s conflicting priorities, and a possible bet that Russia’s dire need of North Korean ammunition for the war in Ukraine will help it overlook the digital intrusion into its strategic missile supply chain.

Russian Defense Minister Sergei Shoigu traveled to Pyongyang on July 26 amid U.S. accusations that a sanctions-busting food-for-arms swap was in the works. The Wall Street Journal, citing declassified documents, reported last week that the deal appeared to be going forward.

North Korea received more than 1,300 tons of wheat flour from Russia in May, NK News reported.

SentinelOne said the hackers had re-used previously known North Korea malware during their email-based hack at the Russian missile maker.

In 2019, Russian President Vladimir Putin praised the company’s "Zircon" hypersonic missile as a "promising new product,” purportedly capable of flying at nine times the speed of sound.