An elite group of North Korean hackers secretly installed malware and accessed computer networks at NPO Mashinostroyeniya, a major Russian missile design bureau, for at least five months last year, according to technical evidence reviewed by Reuters and analysis from security researchers.
Reuters found that cyberespionage teams linked to the North Korean government, known to researchers as ScarCruft and Lazarus, covertly installed digital backdoors into systems at the rocket design bureau based in Reutov, near Moscow.
Reuters could not determine whether any data was stolen during the breach or what information may have been accessed. In the months after the hack, Pyongyang announced developments in its banned ballistic missile program, but it is unclear if this was related.
According to technical data, the intrusion began around late 2021 and continued until May 2022, when IT engineers at the company detected the activity, according to internal communications reviewed by Reuters.
It’s unclear if any data was stolen, but in following months Pyongyang announced developments in its banned missile program. Experts say it shows North Korea is willing to target even allies to acquire key technologies.
Markus Schiller, a missile expert, said obtaining plans wouldn’t immediately give Pyongyang capabilities, but “there is much to learn” from a developer like NPO Mashinostroyeniya.
Another area of interest could be manufacturing processes for solid propellants, which allow faster missile deployment. NPO Mash produces solid-fueled ICBMs.
