North Korean cybercrime group hacks nearly 900 foreign policy experts, steals information and demands ransom



892 experts in foreign policy such as think tank experts and university professors, as well as commercial facilities, were attacked by North Korean cybercriminal groups, their personal data and mailing lists were stolen, and they were ransomized after being attacked by ransomware. South Korea's National Police Agency announced that it was confirmed that

North Korea hacked almost 900 South Korean foreign policy experts, sought ransom | South China Morning Post

https://www.scmp.com/news/asia/east-asia/article/3204528/north-korea-hacked-almost-900-south-korean-foreign-policy-experts-sought-ransom



According to the National Police Agency, hackers sent spear phishing emails to the secretary of a ruling party lawmaker in May 2022, and to officials from the Korean Foreign Office in October of the same year, from multiple accounts impersonating South Koreans. It seems that the email had a link to a fake website and a file containing a virus attached. Police have announced that 49 of the recipients accessed a fake website and logged in, allowing them to monitor and download data.

It seems that the cybercriminal group 'washed' the IP address by going through 326 servers in 26 countries, making it difficult to track online. In addition to foreign policy experts, it is believed to have attacked a shopping mall with a cybersecurity vulnerability, and 19 servers operated by 13 companies were damaged. Two of them reportedly paid 2.5 million won (approximately 260,000 yen) worth of bitcoin to the group as a ransom. The National Police Agency points out that the cybercrime group that carried out a series of crimes had the same modus operandi as ' Kimski ', who hacked the nuclear power plant in 2014.



South Korea's National Intelligence Service (NIS) predicts that cyberattacks by North Korea will continue in 2023. Of the potential threats to cybersecurity in South Korea in 2023, NIS executive Baek Jong-woo said, 'North Korea, China and other state-sponsored hackers are attacking the nuclear industry, space, semiconductors, national defense, and with the United States. 'We will continue to attack Seoul to steal South Korean technology related to our joint strategy against North Korea.'

In addition, Mr. Baek pointed out the possibility that North Korea will circulate fake videos using deepfakes online as propaganda against South Korea, saying, ``In November 2022, systematic hacking attempts against the South Korean government will be on average daily. There were 1.18 million cases in 2018. It is a long time ago that the government can prevent such a large number of cyber attacks on its own,” he said, saying that the government and the private sector should work together to protect themselves from cyber attacks around the clock. i think i need it.

in Security, Posted by log1i_yk