North Korea carries out cyber attack on nearly 900 S Korean foreign policy experts: Report

The South Korean National Police Agency has reported that North Korea has carried out cyberattacks on at least 892 foreign policy experts in South Korea, targeting their personal data and email lists as well as conducting ransomware attacks against online malls. The attacks began in April and primarily targeted think tank experts and professors, as per a report from the South China Morning Post. Hackers used phishing emails from multiple accounts, posing as figures in South Korea, and included a link to a fake website or an attachment carrying a virus. Out of the 892 targeted individuals, 49 ended up visiting the fake websites and logging in, allowing the hackers to infiltrate and monitor their email accounts and download data.

According to the South Korean Police, North Korean hackers used 326 "detour" servers in 26 countries and laundered their IP addresses to make it difficult to trace them online. The police suspect that the same group that hacked Korea Hydro & Nuclear Power in 2014 is responsible for these attacks. They pointed to various factors as evidence of this, including the origin of the attack as indicated by the IP addresses, the use of foreign websites to coax their targets, the infiltration and management of detour servers, the use of North Korean diction, and the targeting of experts in diplomacy, inter-Korean unification, national security, and defense.

First time North Korea used ransomware? 

The police also mentioned that they have investigated a North Korean hacking group called 'Kimsuky' on multiple occasions. This year was also the first time that the police detected North Korean hackers using ransomware, which encrypts files on the target device and demands a ransom for unlocking them. In addition to targeting foreign policy experts with emails, the hackers also attacked shopping malls with cybersecurity vulnerabilities. A total of 19 servers operated by 13 companies were affected, and two of the companies paid a ransom of $1,980 worth of bitcoin to the group. According to the SCMP report, Lee Gyu-bong, the head of the counter cyber terror bureau at the South Korean National Police Agency, stated that the bureau has been tracking the email addresses from which the phishing emails were sent and examining the overseas bitcoin exchange market. The deputy president of National Intelligence Service Paik Jong-wook said that “there were an average of 1.18 million attempted cyberattacks by organised hackers from across the world against the South Korean government per day last month".