North Korean hackers carrying out economic and industrial espionage.
North Korean cyber operators have apparently been busy recently. US Cyber Command posted seven DPRK-linked malware samples to VirusTotal which the Command says are "currently used for fund generation and malicious cyber activities including remote access, beaconing, and malware command." CyberScoop says the samples are malware loaders, backdoors, and backdoor builders that resemble well-known North Korean malware families.
The motives in the other suspected North Korean attacks are less clear. Asia Times points to more evidence that North Korea was behind a malware attack on India's Kudankulam Nuclear Power Plant (KKNPP), citing an analysis by a researcher at Issue Makers Lab which found that North Korean hackers, traditionally associated with financially motivated hacking, "have now been tasked with either disrupting atomic plants or stealing atomic technologies." The researcher also concluded that the malware entered the plant's IT networks after someone connected to KKNPP's domain clicked on a malware-laden phishing link. What the Lazarus Group was after, assuming the attribution now circulating widely in the press holds up, remains obscure, but Indian government sources told Asia Times that the attackers were trying to glean information about the plant's nuclear fuel yields, which could have helped them better understand India's military nuclear capabilities. The operation could, of course, also have involved reconnaissance, staging, or simply collateral damage from some other campaign. In any case, Indian authorities continue to reassure the public that only administrative systems, and not control systems, were affected by the DTrack malware found at Kudankulam, but they are otherwise remaining relatively tight-lipped.
More curiously, the Indian Express reports that ISRO, the Indian Space Research Organization, was also warned of a DTrack infestation believed to be of North Korean origin. The warning arrived during the space agency's Chandrayaan-2 lunar mission, whose landing attempt failed when controllers lost contact with the lander on September 6th. Again, the motive for the attack is unclear, as is the effect, if any, it might have had on the flight. ISRO has been relatively tight-lipped about the cause of the lander's failure. It is, we should note, the landing that failed; other aspects of the mission did not. Chandrayaan-2's lunar orbiter is up and working, sending data back to ISRO's ground station.
The group to which these various operations are being attributed is, of course, Hidden Cobra, also known as the Lazarus Group.