
North Korean Hacking Group Attacks Israeli Defense Industry

  • August 13, 2020

At some point, the hackers asked to send their targets a list of job requirements. That file contained invisible spyware that infiltrated the employee’s personal computer and attempted to crawl into classified Israeli networks.

ClearSky said the attacks, which started early this year, “succeeded, in our assessment, to infect several dozen companies and organizations in Israel” and around the globe.

The hacking campaign was a notable step up from a previous attempt by North Korea to hack the Israeli defense industry last year. In 2019, ClearSky reported a somewhat clumsy effort by Lazarus to break into an Israeli defense corporation’s computers by sending emails in broken Hebrew that were likely written with electronic translation. The emails immediately aroused suspicion and the attack was stopped.

North Korea’s hackers appear to have learned their lesson and in mid-2019 began using LinkedIn and WhatsApp to establish contact with a number of military industries in the West, attacking aerospace and defense companies in Europe and the Middle East. In August, a United Nations report said that North Korean hackers used similar methods to track officials of the organization and of member states.

Boaz Dolev, the chief executive and owner of ClearSky, said that in the wake of these reports the company began seeing attempts to attack Israeli defense companies. It quickly found Lazarus’s fake LinkedIn profiles and messages to employees of Israeli defense companies.

ClearSky researchers discovered that, in at least two cases, North Korea’s hackers had installed hacking tools on Israeli networks. The tool, known as a remote access trojan, has been used by North Korean hackers in previous cyberattacks on Turkish banks and other victims, stealing passwords and other data.

The successful installation was a red flag, researchers said, that North Korea made it further into the Israeli networks than officials let on.
