Nasdaq-listed network and cloud security provider Check Point Software Technologies Ltd. has been “monitoring suspicious activity” directed against Russian-based companies by North Korea-backed hackers, the company announced Tuesday.
North Korea and Russia share a border spanning approximately 17 kilometers, with an infrequent train running between the two countries. During the Cold War, the Soviet Union accounted for about half of North Korea's foreign trade throughout the 1970s and 1980s. Relations have since deteriorated, with Russia supporting several U.N. votes on sanctions against Pyongyang.
Check Point links the “suspicious activity” to the North Korean hacking group Lazarus. Also known as Hidden Cobra, the group is known to be a North Korean-sponsored threat actor. Lazarus was allegedly responsible for stealing $81 million from the Central Bank of Bangladesh in 2016, one of the largest cyber heists of all time, according to Russian-based cybersecurity company Kaspersky Lab.
The attack came in the form of multiple malicious MS Office files, which Check Point analysts believe belonged to the early stages of an infection chain that led to a variant of a Lazarus backdoor.