A major Russian missile developer, NPO Mashinostroyeniya, was infiltrated by a group of North Korean hackers known as ScarCruft and Lazarus for at least five months in 2021. The hackers installed digital backdoors into the systems of NPO Mashinostroyeniya, which specializes in the development of hypersonic missiles, satellite technologies, and ballistic armaments.

It is unclear if any data was stolen or viewed during the breach. NPO Mashinostroyeniya’s IT engineers discovered the intrusion in May 2022, and cybersecurity firm SentinelOne believes that North Korea was behind the attack. The reuse of previously known malware and infrastructure used in other intrusions pointed to the involvement of North Korean hackers.

The breach potentially provided North Korea with information about NPO Mash’s hypersonic missile, “Zircon.” However, experts emphasize that having access to plans does not necessarily mean having the capability to produce the missile. NPO Mash’s expertise and knowledge in missile design and production make it a valuable target for countries seeking advancements in missile technology.

Another area of interest for North Korea may be NPO Mash’s manufacturing process for rocket fuel. North Korea recently conducted a test launch of its first Intercontinental Ballistic Missile (ICBM) using solid propellants. NPO Mash produces an ICBM that is fueled in the factory and sealed shut, providing similar strategic advantages for faster missile deployment during war.

This breach underscores the growing threat of cyber espionage and highlights the need for enhanced cybersecurity measures to safeguard critical infrastructure and sensitive information. North Korea’s willingness to target even its allies in pursuit of critical technologies drives the urgency for stronger defenses against cyber attacks.