North Korean Hackers Breach German Defense Firm Diehl Defence
North Korea Breaches Diehl
A sophisticated hacking group linked to the North Korean government has successfully breached Diehl Defence, a prominent German manufacturer of Iris-T air defense systems, through an elaborate phishing campaign. The attack, attributed to the Kimsuky Advanced Persistent Threat (APT) group, involved fake job offers and advanced social engineering tactics, according to a report by Der Spiegel.
The Kimsuky APT, also known by aliases such as APT43, Velvet Chollima, and Emerald Sleet, utilized booby-trapped PDF files and spear-phishing lures to target Diehl Defence employees with enticing job offers from American defense contractors. This breach is particularly significant given Diehl Defence’s role in producing military weapons, including a recent contract to supply South Korea with Iris-T short-range air-to-air missiles.
Researchers at Mandiant, who investigated the breach, revealed that the attackers conducted detailed reconnaissance on Diehl Defence before launching their spear-phishing attacks. The hackers cleverly disguised their attack server with an address containing “Uberlingen,” referencing Diehl Defence’s location in Überlingen, Southern Germany. Additionally, the server hosted authentic-looking German-language login pages mimicking those of telecommunications provider Telekom and email service GMX, indicating a broader effort to harvest login credentials from German users.
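A detection sketch for the hostname trick described above, added here as an example and not taken from the Der Spiegel or Mandiant reporting: it flags hostnames from DNS or proxy logs that embed an organization keyword, including the ASCII-folded ("Uberlingen") and punycode forms, but are not under the organization's own domains. The owned domain, the sample hostnames and the function names are constructed assumptions.

```python
import unicodedata

def fold(text):
    """Lowercase and strip diacritics, so 'Überlingen' becomes 'uberlingen'."""
    decomposed = unicodedata.normalize("NFKD", text.lower())
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def to_unicode(host):
    """Decode punycode (xn--) labels; return the host unchanged if decoding fails."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host

def is_owned(host, owned_domains):
    """True if host is an owned domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in owned_domains)

def flag_themed_hosts(hosts, keywords, owned_domains):
    """Return (host, keyword) pairs for external hosts that embed an org keyword."""
    folded_keywords = [fold(k) for k in keywords]
    hits = []
    for raw in hosts:
        host = raw.strip().rstrip(".").lower()
        if not host or is_owned(host, owned_domains):
            continue
        candidate = fold(to_unicode(host))
        for kw in folded_keywords:
            if kw in candidate:
                hits.append((host, kw))
                break
    return hits

# Constructed sample data: every hostname below is made up for this example.
OWNED = {"diehl-defence.example"}      # assumed placeholder for the org's own domain
KEYWORDS = ["Überlingen", "Diehl"]     # site and company name from the article
SAMPLE_HOSTS = [
    "mail.diehl-defence.example",                                  # owned, ignored
    "careers-uberlingen.example",                                  # ASCII-folded form
    "überlingen-jobs.example".encode("idna").decode("ascii"),      # punycode form
    "login.diehl-hr.example",                                      # company name
    "www.weather.example",                                         # unrelated
]

if __name__ == "__main__":
    for host, kw in flag_themed_hosts(SAMPLE_HOSTS, KEYWORDS, OWNED):
        print(f"review: {host} (matched '{kw}')")
```

Substring matching will also hit legitimate local sites that carry the town name, so the output is a triage list for review, not a blocklist.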
The Kimsuky group, known for its intelligence-gathering operations in support of Pyongyang’s nuclear and strategic initiatives, has a history of targeting governments, think tanks, research centers, universities, and news organizations across the United States, Europe, and Asia. The U.S. government has imposed sanctions on individuals associated with Kimsuky and issued multiple advisories detailing the group’s hacking activities.
This incident underscores the critical need for robust Security Awareness Training within organizations, particularly those in the defense sector. Employees must be vigilant against sophisticated phishing schemes and social engineering tactics to protect sensitive information and infrastructure.
Get Modern Security Awareness Training
After the recent phishing attack on Diehl Defence, it’s clear that Security Awareness Training is more important than ever. Adaptive Security offers AI security awareness training that can be tailored to your business. The training covers emerging AI threats and educates workers on how to use AI tools, linking security to productivity. The training modules are interactive, last 3-5 minutes, and are easy to complete on mobile or desktop.
For more detailed information on the breach, see SecurityWeek.