North Korean Hackers Cited in Rare Attack in Israel

The plot was uncovered when an employee of the unidentified Israeli firm received an email from a colleague in broken Hebrew


The North Korean hacker group Lazarus targeted an Israeli security company for industrial espionage purposes, ClearSky, a cybersecurity firm, reported on Sunday.

ClearSky said the cyberattack was discovered on March 7, when an employee of the unidentified security company received a suspicious-looking message from a colleague on his company’s internal messaging system.

The email, which was written in broken Hebrew, contained a malicious file that was uploaded for examination to the online service VirusTotal, which allows files to be checked by dozens of antivirus programs simultaneously.


“We believe with moderate certainty that the attack was carried out by the North Korean Lazarus group. If that is true, it would be one of the first [by the group] directed at Israel, as far as we know,” the report said.


“North Korea has its own unique characteristics,” ClearSky CEO Boaz Dolev told Haaretz. “It stages attacks as a country would and steals money like a criminal organization.”

One of the issues that is currently preoccupying the cybersecurity industry is concern over computer software vulnerabilities that are unknown to cybersecurity experts or even to software developers themselves.

Until they are discovered and blocked by software patches or other means, they can be exploited to commit cyberattacks. Such vulnerabilities are considered the holy grail of cyberespionage, and companies and intelligence agencies are prepared to pay tens of thousands of dollars or more for information about such potential breaches.

But in the case at hand, as in many others, the vulnerability was already known: the email was opened with WinRAR software that had not been updated, and the flaw had been publicized by Israel’s Check Point Software Technologies last month. It’s doubtful, however, that most users have updated their software.

Dolev added: “The case of WinRAR is especially worrisome because it’s a program installed on hundreds of millions of computers in Israel and all over the world, but it doesn’t have an automatic update mechanism to provide protection if necessary.”