North Korea hacked almost 900 South Korean foreign policy experts, sought ransom
- South Korean authorities said the attacks may have tricked some victims into signing into fake websites, exposing their login details to the attackers
- South Korea’s National Intelligence Service believes Pyongyang has stolen some US$1.72 billion in cryptocurrency around the world since 2017

North Korea carried out cyberattacks on at least 892 foreign policy experts from South Korea to steal their personal data and email lists, and carried out ransomware attacks against online malls, according to the National Police Agency. The South Korean authorities said on Sunday that the attacks were meticulous enough to have tricked some of the victims into signing into fake websites, exposing their login details to the attackers.
The attacks, mainly targeting think tank experts and professors, began as early as last April, the agency said. The hackers sent spear phishing emails from multiple accounts posing as figures in South Korea, including a secretary from the office of Tae Yong-ho of the ruling People Power Party (PPP) in May, and an official from the Korea National Diplomatic Academy in October. The emails included a link to a fake website or an attachment carrying a virus that is triggered when opened.
Forty-nine of the recipients ended up visiting the fake websites and logging in, allowing the hackers to infiltrate and monitor their email accounts and download data from them, the agency said.
The police said that the hackers laundered their IP addresses and employed 326 “detour” servers in 26 countries to make it difficult to trace them online.
The police suspect that the hackers are the same group that hacked Korea Hydro & Nuclear Power in 2014. As reasons to believe so, the authorities pointed to the IP addresses indicating the origin of the attack, the hackers’ attempts to coax their targets into signing up for foreign websites, how the hackers infiltrated and managed the detour servers, the hackers’ use of North Korean diction, and the fact that the hackers targeted experts in diplomacy, inter-Korean unification, national security and defence. The police mentioned that they had investigated a North Korean hacking group called Kimsuky numerous times.
The police also said this year was the first time they detected North Korean hackers using ransomware, which encrypts the files on the target device and demands a ransom for unlocking them. Apart from sending emails to the foreign policy experts, the hackers attacked shopping malls with cybersecurity vulnerabilities. Nineteen servers operated by 13 companies were hit; two of the companies paid the ransom of 2.5 million won (US$1,980) worth of bitcoin to the group.
Lee Gyu-bong, chief of the police agency’s counter cyber terror bureau, said that the bureau has been tracking the email addresses from which the spear phishing mails were sent as well as inspecting the bitcoin exchange market overseas.
