Revelation of the cyber attack

In recent days, it became known that the IT systems of a major Russian missile manufacturer, NPO Mashinostrojeniya, were infiltrated by a hacker group. According to reports, the attackers are the North Korean group ScarCruft, also known as APT37.

Intrusion through data leak

The revelation of the cyberattack came from security analysts at SentinelLabs, who gained access to confidential internal emails from the missile manufacturer after they surfaced due to a data leak. The analysts came across evidence that NPO Mashinostrojeniya’s IT staff had previously noticed suspicious activity on the company’s network.

Malicious DLL file discovered

Upon further investigation, the missile manufacturer’s administrators discovered a malicious DLL file on the infiltrated servers. As a result, external security experts were brought in to investigate the incident further. SentinelLabs’ report suggests that the hackers had introduced OpenCarrot, a Windows backdoor, into the Russian company. OpenCarrot has previously been linked to the North Korean hacking group Lazarus.

Extensive access rights through OpenCarrot

The OpenCarrot backdoor gave the attackers wide-ranging access rights to the infected systems. This allowed them to manipulate files and processes and communicate via an external server. They also used the backdoor to infect other systems via newly connected USB storage media.

Cause of the attack unclear

So far, it is not conclusively clear how exactly the ScarCruft hackers were able to gain access to NPO Mashinostrojeniya’s IT systems. However, SentinelLabs analysts found evidence of the use of tools and techniques that have already been attributed to the hacker group in the past, especially in connection with the characteristic RokRAT backdoor.

NPO Mashinostrojeniya as a missile manufacturer

The missile manufacturer NPO Mashinostrojeniya supplies the Russian and Indian armies, among others, with defensive and offensive missiles. In 2014, sanctions were imposed on the company by the U.S. government.

Conclusion: vigilance in the networked world

This incident again highlights the importance of cybersecurity and protecting sensitive data in today’s connected world. Companies and organizations must remain vigilant and proactively safeguard against potential cyberattacks to protect themselves and their customers from
