Based on a compelling data leak within Russia's defense sector, we recently unearthed an intrusion by DPRK-affiliated threat actors into the Russian missile engineering firm NPO Mashinostroyeniya. Set against an intensive public display of the strengthening military relationship between the two countries, our findings provide rare insight into DPRK's clandestine operations against Russia. Join us as we navigate the intricacies of this breach, contextualizing it within today's geopolitical landscape.
This presentation begins by exploring the ties between DPRK and Russia during the period of the noted breach. We subsequently delve into our methods for pinpointing and recognizing the data breach at NPO Mashinostroyeniya and its significance in the Russian Defense Industrial Base. We then shed light on the organization's security challenges and highlight the threat activity we attribute to DPRK, amidst a slew of peculiar infections and abused network services. We finish by discussing the complexities and dilemmas we faced during this distinctive intrusion investigation.