Over ten domestic defense industry firms have suffered data leaks in the first-ever verified concentrated cyber attacks by North Korean hacking groups, including Lazarus and Kimsuky.

The National Office of Investigation(NOI) said on Tuesday that it has confirmed North Korean hacking groups digitally infiltrated more than ten out of 83 defense industry companies during a preliminary probe conducted from March last year.

In November 2022, the Lazarus group siphoned data by infecting an external computer network with malware at one of the companies. The hackers then accessed a system linking the firm's internal and external networks.

In October the same year, another group, Andariel, stole files on defense technology by installing malware after seizing a maintenance company’s account information. The Kimsuky group stole data for three months last year by downloading large files sent and received by email.
 
While not disclosing the type or amount of data stolen for national security reasons, the police reportedly believe additional hacking organizations are active.