Israel says it has thwarted a hacking attack by a North Korean-linked group against its military industries, a claim challenged by a cybersecurity firm, which says the hackers penetrated the targeted systems and likely stole a large amount of classified data.
Israel’s ministry for military affairs said in a statement on Wednesday that the hackers, posing as potential employers, had asked to send their targets a list of job requirements.
The file contained invisible spyware that infiltrated the employee’s personal computer and attempted to penetrate classified Israeli networks and gather sensitive information.
The group, known as Lazarus, built phony profiles on the LinkedIn network to disguise its hackers and separately attempted to hack Israeli military firms via their websites, the ministry said.
The Israeli ministry claimed the attack was thwarted “in real time” and that there was no “harm or disruption” to its computer systems.
It did not identify what companies were targeted or when the incidents took place.
However, security researchers at ClearSky, the international cybersecurity firm that first exposed the attack, said the North Korean hackers penetrated the computer systems and were likely to have stolen a large amount of classified data.
ClearSky researchers said that the attack on Israel’s military industry began with a LinkedIn message last June.
North Korean hackers posing as a Boeing headhunter sent a message to a senior engineer at an Israeli administration-owned company that manufactures weapons for the Israeli military and intelligence.
The hackers created a fake LinkedIn profile for the headhunter, Dana Lopp.
Lopp is indeed a senior personnel recruiter at Boeing.
She was one of several headhunters from prominent defense and aerospace companies — including Boeing, McDonnell Douglas and BAE Systems — whom North Korea’s hackers mimicked on LinkedIn.
After establishing contact with their Israeli targets, the hackers asked for an email address or phone number to connect via WhatsApp or, to increase credibility, suggested switching to a live call.
Some of those who received the calls, and whom ClearSky approached later, said the other side spoke English without an accent and sounded credible.
The researchers said that Lazarus had not demonstrated this level of sophistication before.
Israeli officials speculated Wednesday that North Korea may have outsourced some of its operation to native English speakers abroad.
ClearSky said the attacks, which started early this year, “succeeded, in our assessment, to infect several dozen companies and organizations in Israel” and around the globe.
“North Korea’s Lazarus is once again proving high capability and originality in its social engineering and hacking methods,” said Boaz Dolev, the chief executive and owner of ClearSky.
American and Israeli officials have said the Lazarus Group, also known as Hidden Cobra, is backed by Pyongyang.
US prosecutors have accused the hacking unit of orchestrating the leak of emails from Sony Pictures in 2014 and stealing tens of millions of dollars from the Central Bank of Bangladesh in 2016.
Pyongyang has neither confirmed nor denied the report.
Israeli officials fear that classified data stolen by North Korea could be shared with Iran, which has been the target of US and Israeli cyber terrorism for a decade, including attempts to remotely sabotage the Islamic Republic’s nuclear program.
Earlier in May, Israel carried out a cyber terrorist attack that caused disruption at Iran’s Shahid Rajaee port, briefly knocking computers at the port terminal offline.
According to a report by the Washington Post, US and foreign government officials said the attack appeared to have originated from Israel, which has a history of terrorist attacks on Iran’s nuclear energy program.