North Korean hackers exploit cloud services to deploy malware, target critical sectors
North Korean cyber actors, including groups like Kimsuky and ScarCruft, have intensified their cyberattacks by exploiting cloud-based services such as Google Drive, Microsoft OneDrive, and Zoho to distribute malware.
This marks a shift in tactics, as these threat groups increasingly use legitimate platforms to infiltrate systems and steal funds, including cryptocurrencies, to finance the regime’s weapons of mass destruction (WMD) programs.
ESET’s latest report, covering April to September 2024, highlights the growing sophistication of cyberattacks from nation-state actors, with North Korea among the most active. The cloud-based exploitation is part of a broader pattern, as Kimsuky and ScarCruft continue to target critical sectors, including defense, aerospace, and cryptocurrency industries, across Europe, the United States, and other regions.
“North Korean threat actors have consistently targeted vital sectors to fund their strategic goals, often using trusted platforms to bypass traditional security defenses,” said the report. This shift in attack methods underscores the evolving nature of cyber threats, with North Korea’s focus on stealing funds as a key enabler for its WMD programs.
While China-aligned groups like MirrorFace and GALLIUM have expanded their reach, and Iran-linked actors have conducted widespread cyberespionage, North Korea’s persistent targeting of financial and strategic industries remains a critical concern. Their cyber activities are now a significant part of the growing global threat landscape, where cyberattacks are increasingly leveraged for geopolitical gain.