The Nationwide Intelligence Service (NIS) in South Korea warns that North Korean hackers goal home semiconductor producers in cyber espionage assaults.
NIS says these assaults elevated within the second half of 2023 till just lately, focusing on internet-exposed servers weak to recognized flaws for preliminary entry to company networks.
As soon as the community was breached, the menace actors stole information from servers holding delicate paperwork and information.
Within the instances noticed by the NIS, the North Korean adversaries used “dwelling off the land” techniques, which entails abusing reputable software program instruments for malicious functions to evade detection by safety merchandise.
The NIS mentions no less than two cyberattacks on separate entities, occurring in December 2023 and February 2024, the place the corporate’s configuration administration and safety coverage servers had been hacked.
This reportedly resulted within the compromise of product design drawings and facility website pictures, amongst different delicate information.
The 2 victims aren’t named within the report, however it’s price noting that South Korea is residence to 2 main chipmakers, Samsung Electronics and SK Hynix, who develop and produce a variety of processor, system-on-chips, and DRAM, and NAND flash merchandise.
In line with the US Division of Commerce, Samsung Electronics and SK Hynix are accountable for 73 p.c of the worldwide DRAM market share and 51 p.c of the NAND flash market.Â
The 2 companies play important roles within the international semiconductor provide chain, offering chips for a wide selection of notable companies throughout numerous industries globally, together with Apple, Google, Microsoft, Amazon, Sony, Dell, and lots of automotive and client digital makers.
NIS reckons that these cyberattacks are geared toward accumulating worthwhile technical data that the North Korean regime might use to develop its personal chip-making program and canopy army gear wants.
The intel org says it notified the home victims of the cyberattacks and offered suggestions on detecting and stopping them.
An NIS official additionally highlighted the significance of making use of safety updates and strict entry controls on internet-exposed servers, in addition to constantly making use of and updating sturdy authentication processes for directors to forestall unauthorized entry by way of hijacked privileged accounts.
