North Korean Hackers Cited in Rare Attack in Israel

The plot was uncovered when an employee of the unidentified Israeli firm received an email from a colleague in broken Hebrew

Oded Yaron
Oded Yaron
Send in e-mailSend in e-mail
North Korea's leader Kim Jong Un attends a welcoming ceremony at the Presidential Palace in Hanoi , Vietnam, March 1, 2019.
North Korea's leader Kim Jong Un attends a welcoming ceremony at the Presidential Palace in Hanoi , Vietnam, March 1, 2019.Credit: Reuters
Oded Yaron
Oded Yaron

The North Korean hacker group Lazarus targeted an Israeli security company for industrial espionage purposes, ClearSky, a cybersecurity firm, reported on Sunday.

ClearSky said the cyberattack was discovered on March 7, when an employee of the unidentified security company received a suspicious-looking message from a colleague on his company’s internal messaging system.

The email, which was written in broken Hebrew, contained a malicious file that was uploaded for examination to the online service VirusTotal, which allows files to be checked by dozens of antivirus programs simultaenously.

To really understand Israel and the Middle East - subscribe to Haaretz

“We believe with moderate certainty that the attack was carried out by the North Korean Lazarus group. If that is true, it would be one of the firs [by the group] directed at Israel, as far as we know,” the report said.

FILE Photo: ClearSky Cyber Security CEO Boaz Dolev. Credit: No credit

North Korea has its own unique characteristics,” ClearSky CEO Boaz Dolev told Haaretz. “It stages attacks as a country would and steals money like a criminal organization.”

One of the issues that is currently preoccupying the cybersecurity industry is concern over computer software vulnerabilities that are unknown to cybersecurity experts or even to software developers themselves.

Until they are discovered and blocked by software patches or other means, they can be exploited to commit cyberattacks. Such vulnerabilities are considered the holy grail of cyberespionage and companies and intelligence agencies are prepared to pay tens of thousands of dollars or more for information about such potential breaches.

But in the case at hand, as in many others, the vulnerability — due to the fact that the email as opened with Winrar software that had not been updated — had been publicized by Israel’s Check Point Software Technologies last month. But it’s doubtful that most users have updated their software.

Dolev added: “The case of Winrar is especially worrisome because it’s a program installed on hundreds of millions of computers in Israel and all over the world, but it doesn’t have an automatic update mechanism to provide protection if necessary.”

Click the alert icon to follow topics:



Automatic approval of subscriber comments.

Subscribe today and save 40%

Already signed up? LOG IN


Soldiers using warfare devices made by the Israeli defense electronics company Elbit Systems.

Russia-Ukraine War Catapults Israeli Arms Industry to Global Stage

Flame and smoke rise during an Israeli air strike, amid Israel-Gaza fighting, in Gaza City August 6, 2022.

Israel Should End Gaza Operation Now, if It Can

Rio. Not all Jewish men wear black hats.

What Does a Jew Look Like? The Brits Don't Seem to Know

Karolina Bielowka.

'My Uncle Told Me, ‘Go on the Trip of Your Life, Go Dig in Israel.’ So I Did'

The replica ship, 'Ma’agan Mikhael II,' sailing from Haifa to Acre in northern Israel.

Replica of 2,400-year-old Ship Solves Ancient Mediterranean Mystery

File photo: Bus operated by Kavim company.

Ultra-Orthodox Extremists Assault Woman for Sitting at Front of Jerusalem Bus