The North Korean hacker group Lazarus targeted an Israeli security company for industrial espionage purposes, ClearSky, a cybersecurity firm, reported on Sunday.
ClearSky said the cyberattack was discovered on March 7, when an employee of the unidentified security company received a suspicious-looking message from a colleague on his company’s internal messaging system.
The email, which was written in broken Hebrew, contained a malicious file that was uploaded for examination to the online service VirusTotal, which allows files to be checked by dozens of antivirus programs simultaneously.
“We believe with moderate certainty that the attack was carried out by the North Korean Lazarus group. If that is true, it would be one of the first [by the group] directed at Israel, as far as we know,” the report said.
“North Korea has its own unique characteristics,” ClearSky CEO Boaz Dolev told Haaretz. “It stages attacks as a country would and steals money like a criminal organization.”
One of the issues that is currently preoccupying the cybersecurity industry is concern over computer software vulnerabilities that are unknown to cybersecurity experts or even to software developers themselves.
Until they are discovered and blocked by software patches or other means, they can be exploited to commit cyberattacks. Such vulnerabilities are considered the holy grail of cyberespionage and companies and intelligence agencies are prepared to pay tens of thousands of dollars or more for information about such potential breaches.
But in the case at hand, as in many others, the vulnerability — due to the fact that the email was opened with WinRAR software that had not been updated — had been publicized by Israel’s Check Point Software Technologies last month. But it’s doubtful that most users have updated their software.
Dolev added: “The case of WinRAR is especially worrisome because it’s a program installed on hundreds of millions of computers in Israel and all over the world, but it doesn’t have an automatic update mechanism to provide protection if necessary.”