 |
| North Korean hackers sent almost 900 spear phishing emails to South Korean foreign policy experts this year and attacked the country's online shopping malls to demand cyber assets, according to the National Police Agency. Gettyimagesbank |
Police say almost 900 received phishing emails, and some ended up paying ransom
By Ko Dong-hwan
North Korean carried out cyberattacks on at least 892 foreign policy experts from South Korea to steal their personal data and email lists as well as carrying out ransomware attacks against online malls, according to the National Police Agency. The South Korean authorities said Sunday that the attacks were meticulous enough to have tricked some of the victims into signing into fake websites, exposing their login details to the attackers.
The attacks, mainly targeting think tank experts and professors, began as early as last April, the agency said. The hackers sent spear phishing emails from multiple accounts posing as figures in South Korea, including a secretary from the office of Rep. Tae Yong-ho of the ruling People Power Party (PPP) in May, and an official from the Korea National Diplomatic Academy in October. The emails included a link to a fake website or an attachment carrying a virus that is triggered when opened.
"Even I was surprised by how the email looked so real," said Rep. Tae, a North Korean defector, in a press conference he hosted at the National Assembly on Sunday. "At first I thought it was sent by my office and I asked my secretary to verify it."
Forty-nine of the recipients ended up visiting the fake websites and logging in, allowing the hackers to infiltrate and monitor their email accounts and download data from them, the agency said.
The police said that the hackers laundered their IP addresses and employed 326 "detour" servers in 26 countries to make it difficult to trace them online.
The police suspect that the hackers are the same group that hacked Korea Hydro & Nuclear Power in 2014. The authorities pointed to the IP addresses indicating the origin of attack, the hackers' attempts to coax their targets into signing up for foreign websites, how the hackers infiltrated and managed the detour servers, the hackers' use of North Korean diction, as well as the fact the hackers targeted experts of diplomacy, inter-Korean unification, national security and defense as reasons to believe so. The police mentioned they investigated a North Korean hacking group called Kimsuky numerous times.
 |
| Paik Jong-wook from the National Intelligence Service speaks during a press conference at a national cybersecurity cooperation center in Seongnam, Gyeonggi Province, Dec. 22. Courtesy of National Intelligence Service |
The police also said this year was also the first time they detected North Korean hackers using ransomware, which encrypts the files of the target device and demands a ransom for unlocking them. Apart from sending emails to the foreign policy experts, the hackers attacked shopping malls with cybersecurity vulnerability. Nineteen servers operated by 13 companies were hit and two of the businesses paid 2.5 million won ($1,980) worth of bitcoins to the group as a ransom.
Lee Gyu-bong, chief of the police agency's counter cyber terror bureau, said it has been tracking the email addresses from which the spear phishing mails were sent as well as inspecting bitcoin exchange markets overseas.
The police suspect that North Korean hackers' activities will continue for some time and urged people to increase security for their email accounts and other personal databases.
In a press conference last Thursday, the National Intelligence Service (NIS) also predicted Pyongyang's cyberattacks to continue next year. Forecasting potential threats to the country's cybersecurity in 2023, Paik Jong-wook, one of the deputy presidents of the NIS, said that state-backed hackers like those from North Korea and China will continue their attacks on Seoul to steal South Korean technologies related to the nuclear industry, space, semiconductors, national defense and joint strategies with the U.S. against Pyongyang.
"North Korean hackers might use deepfakes to produce and spread fake videos online as propaganda against Seoul, just like how Ukrainian President Zelenskyy was portrayed in a fake video surrendering to Russia in the early phase of the ongoing war," Paik said. "We consider smartphones, computers and other personal devices of the president and ministers primary targets to protect from those hackers."
Paik said North Korean hackers are trained to have the world's top capabilities to infiltrate virtual assets like digital coins. He assumed Pyongyang has stolen some 1.5 trillion won in cryptocurrency around the world since 2017, including 80 million won this year alone, and more than 10 million won from South Korea.
"There were an average of 1.18 million attempted cyberattacks by organized hackers from across the world against the South Korean government per day last month," Paik said. "It's no longer true that this volume of online attacks can be prevented singularly by the government."
The NIS on Nov. 30 introduced a new cybersecurity cooperation center so that the government and private cybersecurity providers can work jointly to protect against cyberattacks around the clock.
友情鏈接:
