North Korean Hackers Target Russian Government and Defense, Says Microsoft

Microsoft Reports North Korean Hackers Targeting Russian Government and Defense Enterprises

According to Microsoft, North Korean hacking groups breached several Russian entities connected to the government and defense sector in 2023. The company states that the attackers are gathering intelligence within compromised Russian systems.

“Recently, several North Korean threat actors have attacked the Russian government and defense industry, likely for intelligence gathering purposes,” wrote Clint Watts, head of the Microsoft Digital Threat Analysis Center.

Microsoft has not disclosed specific details about these attacks or identified which Russian organizations were compromised. However, the company’s report does provide some information about the timing of certain incidents.

For example, Microsoft reports that in March of this year, a Russian organization involved in aerospace research was hacked, and several Russian diplomatic accounts were also compromised.

“In March 2023, the Ruby Sleet group breached an aerospace research institute in Russia. Additionally, in early March, the Onyx Sleet (PLUTONIUM) group compromised a device belonging to a Russian university,” the report states. “Also, during the same month, attackers from Opal Sleet (OSMIUM) sent phishing emails to accounts belonging to Russian diplomatic missions.”

The report notes that cyberattacks by the Ruby Sleet group (also known as CERIUM) and Diamond Sleet (also known as ZINC and Lazarus) have also targeted weapons manufacturers in various countries, including Germany and Israel. From November 2022 to January 2023, defense enterprises in Brazil, the Czech Republic, Finland, Italy, Norway, and Poland were also affected by these breaches.
