The North Korean-linked hacking group "Stonefly" is continuing digital counterintelligence efforts, targeting specific engineering companies most likely to possess sensitive intellectual property.
U.S. cyber security firm Symantec Enterprise released a report on Wednesday which said Stonefly attacked an engineering firm involved in energy and the military, most likely by exploiting the company’s public server.
The group damaged 18 computers and installed an updated version of its backdoor malware to breach firewalls and covertly access confidential information.
Symantec, however, did not reveal the name of the company or the scope of the targeted data. It stated that Stonefly's tools and tactics have evolved in the past few years and that the group now specializes in targeting confidential intellectual property.
Stonefly is also known as DarkSeoul, BlackMine, Operation Troy, and Silent Chollima. Symantec traced the group's activity back to distributed denial-of-service (DDoS) attacks in July 2009 against South Korean, U.S. government, and financial websites.