South Korea’s spy agency on Monday warned of a recent uptick in North Korean hacking threats against South Korean semiconductor firms.

The National Intelligence Service said North Korean hackers have been ramping up hacking efforts targeting South Korean semiconductor equipment makers since the latter half of 2023.

The NIS said the North Korean hackers mainly focused on companies whose servers are connected to the Internet and who had their vulnerabilities exposed.

The North Korean hackers used the “Living off the Land” or the LotL technique, which minimizes the use of malware and instead uses legitimate programs installed on the servers, the NIS said. This technique makes it harder for security tools to detect the attacks.

As examples of recent cases, the NIS cited two companies that were robbed of important commercial secrets such as product design drawings and photographs of facility sites from their servers over the past three months.

The NIS is working with the companies that suffered the North Korean hacking attacks to upgrade their security measures. Other semiconductor firms have been informed to conduct security checks to prevent damage.

The NIS recommended companies run security updates for servers exposed to the Internet and authenticate company accounts regularly to beef up security.

The NIS believes North Korea may be preparing to produce its own semiconductors amid sanctions imposed by the international community, to meet its rising demand for weapons such as satellites and missiles.

In another instance of a North Korean hacking attack, South Korea’s court administrator on Monday apologized for leaks perpetrated by Lazarus, a group of hackers linked to the North Korean regime, pledging to take security steps.

In a message uploaded to the Supreme Court website on Monday, the court administrator said that an investigation conducted since foreign hacking attempts were detected in February last year found that the attacks were believed to be of North Korean origin.

The investigation concluded that there was a high risk of North Korean hackers having broken into the judiciary servers and leaking confidential documents and other data.

“We would like to offer our deepest apologies to the public for causing great concern,” the message read. “Based on the findings of the investigation, we will be taking follow-up measures as promptly as we can to mend the security flaws and prevent future occurrences.”

Last year, the court administrator asked the police to investigate following preliminary findings that the techniques used to break into the networks were similar to the ones used by Lazarus.