A North Korean-linked hacker group recently breached an engineering company with military ties, U.S. cybersecurity firm Symantec said Wednesday, in Pyongyang’s latest cyberattack aimed at bolstering its weapons development program.
The hackers, known as Stonefly, have been in operation since at least 2009, but in recent years have narrowed their focus “solely to espionage operations against select, high-value targets,” security experts with Symantec said in a blog post.
“Virtually all of the technologies it appears to be interested in have military as well as civilian uses and some could have applications in the development of advanced weaponry,” the post said.
Stonefly’s most recent known attack was in February against an engineering firm working in the energy and military sectors. The hackers were able to break into one of the firm’s servers and install backdoor malware that allowed them to secretly steal data over several days.
“The group’s capabilities and its narrow focus on acquiring sensitive information make it one of the most potent North Korean cyber threat actors operating today,” Symantec said.
The warning comes on the heels of a $620 million cryptocurrency heist, the largest in history, by North Korea’s Lazarus Group.
A trio of U.S. agencies warned last week that North Korea was stepping up cyberattacks on cryptocurrency and blockchain platforms as the secretive regime looks for ways to evade international sanctions.
Despite an economy that has grown even more isolated by the COVID-19 pandemic, North Korea is prioritizing its weapons program. Pyongyang has unleashed a flurry of missile launches since the beginning of the year and officials in Washington and Seoul have warned that a nuclear test may be on the horizon.