North Korean hackers targeted nearly 1,000 South Korean foreign policy experts
South Korean authorities believe North Korean hackers, who work for the government, have targeted at least 892 foreign policy experts in the country. The campaign, which dates back to April, focused on think tank members and academics. The attacks began with phishing emails, often claiming to be from people in South Korea’s political system. These usually included either links to fake websites or viruses as attachments. The ruse, while not particularly sophisticated, was enough to fool at least a handful of victims.
As a result, several prominent experts had personal data stolen, mailing lists were compromised (exposing more people to the hackers), and 13 companies (primarily online retailers) fell victim to ransomware. Although police believe only 49 recipients actually handed over credentials to the fake sites and only two companies paid the 2.5 million won ($1,980) ransom, it’s hard to gauge the full extent of the fallout.
It is unclear what non-financial resources the North Korean hackers may have obtained from this latest campaign. But it is certain that this will not be the last cyber attack on the neighbor to the south. The country has previously targeted security researchers for discovering unpatched vulnerabilities, and even used the Itaewon Halloween tragedy as a tool to target South Korean citizens.
Cyber warfare has been a major focus of North Korea for years, even as it seeks to deter foreign militaries with more traditional methods, such as building nuclear weapons. It has also been an important source of income for the country, which is in a perpetual financial crisis and largely cut off from the world’s markets. It’s estimated that North Korean hackers have stolen $1.72 billion worth of cryptocurrency since 2017. And the country doesn’t seem to be letting the recent crypto crash scare it off, as the latest ransom was also paid in Bitcoin.
Although the hackers covered their tracks reasonably well, the targets, tactics and IP addresses have led the police to believe that this is the same group that hacked Korea Hydro & Nuclear Power in 2014. They also believe that the hackers will not stop their activity just because their efforts have been discovered. Authorities have urged people, especially those working in sensitive areas such as technology and government, to step up their security measures and be extra vigilant against phishing and social engineering attacks.