National Security

North Korea-Linked Hackers That Broke Into Sony May Be Targeting US Defense Contractors

Photo: Shutterstock/welcomia

Daily Caller News Foundation logo
Thomas Phippen Associate Editor
Font Size:

An international cyber-espionage group allegedly connected with North Korea and the 2014 hack on Sony Pictures has been trying to break into networks at U.S. defense contractors, according to a report by cybersecurity company Palo Alto Networks.

The hacking group known as the Lazarus Group, which has been linked to the WannaCry ransomware attacks this year and the hack on Sony, may be responsible for the fishing expedition for sensitive U.S. defense intel, according to Palo Alto Networks.

The attacks targeted individuals at top defense firms between April and July 2017 using malicious documents filled with code related to the Sony hack, ransomware attacks and Operation Blockbuster, all tentatively linked to Lazarus and North Korea.

“Recently, we’ve identified weaponized Microsoft Office Document files which use the same malicious macros as attacks from earlier this year,” Anthony Kasza, lead researcher at Palo Alto, said in the report.

The Microsoft Office document files include “macros,” or malicious commands to the host computer that execute automatically when the document is viewed. The documents appear to be copies of real job postings for defense firms.

“Based on the contents of these latest decoy documents which are displayed to a victim after opening the weaponized document the attackers have switched targets from Korean language speakers to English language speakers,” the report said. “Most notably, decoy document themes now include job role descriptions and internal policies from U.S. defense contractors.”

The unique code in the malicious documents is similar to what Lazarus used in the global ransomware attacks earlier this year. (RELATED: More Clues Suggest North Korea Behind Massive Global Cyberattack)

Lazarus used already compromised computers to host the malicious documents and send them to systems at top defense firms as part of an intelligence phishing scheme.

Tensions between the U.S. and North Korea increased in the past few weeks after reports that the small nation possessed long-range intercontinental ballistic missiles capable of launching miniaturized nuclear warheads at American cities.

Follow Thomas Phippen on Twitter

Send tips to

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact