Almost 1000 foreign policy experts have been affected by a cyberattack in South Korea, and the authorities believed North Korea was the reason behind what happened. The attacks started with phishing emails that included links to fake sites with viruses attached.

(Photo : Carl Court/Getty Images)
PYONGYANG, NORTH KOREA - AUGUST 24: Apartment blocks are pictured from the viewing platform of the Juche Tower on August 24, 2018 in Pyongyang, North Korea. Despite ongoing international negotiations aimed at easing tensions on the Korean peninsula, the Democratic People's Republic of Korea remains the most isolated and secretive nation on earth.

Hacking South Korean Foreign Policy Experts

Government-supported hackers from North Korea targeted several foreign policy experts, in an effort to steal personal data and email lists. Based on a report from Engadget, victims were tricked by signing into fake websites, which led to exposing their different login details to hackers.

The National Police Agency of South Korea stated that North Korean hackers also carried out ransomware attacks on several online malls. Tank experts and professors were targeted and began as early as April, with nineteen servers affected, operated by thirteen companies.

As per the agency, the hackers sent phishing emails from multiple accounts and posed as a celebrity figure in South Korea to several notable agencies in the country such as the Office of Tae Yong-ho of the People Power Party and Korea National Diplomatic Academy Official.

Out of 892, forty-nine recipients visited the websites and logged in to the accounts. But the police stated that hackers already laundered their IP addresses and employed 326 'detour' servers in 26 countries, for them to harden the tracing online. 

The company continuously believes that North Korea is behind all of these despite the case's credentials did not have much, and only two companies paid $1,980 ransom. Police stated that the recent hacks might also be the same suspects that hacked Korea Hydro & Nuclear Power in 2014.

Hacking Process

Based on a report from South China Morning Post, IP addresses that indicate the origin of the attack is an effort to coax their targets on sign-ups for foreign websites that comes with a diction from North Korea to persuade them, and the diplomacy experts, inter-Korean unification, National Security and Defense. 

The police added that they are also investigating Kimusky, a hacking group. This is the first time South Koreans detected them using ransomware, and decrypt the files of the target device and demands just for unlocking. 

North Korea also targeted South Korea just recently with hackers exploiting zero-day vulnerability with fake Itaewon incident documents to lure the victims.

Also Read: Google Discovers North Korean APT Hackers Threaten Security Researchers via Social Media Malware!

Counter Cyber Terror Bureau Police Agency Chief Lee Gyu-bong stated that they have been tracking the email addresses that sent the phishing mails to victims. Aside from this, the bitcoin exchange market overseas is also in the midst of inspection. 

As per National Intelligence Services (NIS), the attacks may still continue by next year as they predicted potential threats to South Korea's cybersecurity in 2023. NIS President Paik Jong Wook stated that this will continue to steal several technologies related to the nuclear industry, space, semiconductors, national defense, and joint strategies from other countries.

Paik added, "North Korean hackers might use deepfakes to produce and spread fake videos online as propaganda against Seoul, just like how Ukrainian President Zelensyy was portrayed in a fake video surrendering to Russia in the early phase of the ongoing war."

Related Article: North Korea Have Reportedly Plundered $1.2 Billion in Crypto Funds, According to South Korea's Spy Agency