The campaign allegedly marks the first use of ransomware by the North Korean government.
South Korean authorities believe North Korean hackers, working for the government, have targeted at least 892 foreign policy experts in the country. The efforts focused on members of think tanks and academics, dating back to April. The attacks began with spear phishing emails, often claiming to be from figures in South Korea's political system. These usually included either links to fake sites or viruses as attachments. The ploy, while not particularly sophisticated, was enough to fool at least a handful of victims.
The result was that several prominent experts had their personal data stolen and their email lists compromised (exposing more people to the hackers), and 13 companies (primarily online retailers) were victims of ransomware. Although police believe only 49 recipients actually handed credentials over to the fake sites and only two companies paid the 2.5 million won ($1,980) ransom, it’s difficult to judge the full scale of the fallout.
It’s unclear what non-financial resources the North Korean hackers may have gained from this latest campaign. But it’s certain this will not be the last cyber attack on its southern neighbor. The country has previously targeted security researchers to discover unpatched vulnerabilities, and even used the tragedy on Halloween in Itaewon as a tool to target South Korean citizens.
Cyber warfare has been a major focus of North Korea for years, even as it seeks to deter foreign militaries with more traditional methods, like building nuclear weapons. It has also been a major source of revenue for the country, which is in perpetual financial crisis and largely cut off from the world’s markets. It’s estimated that North Korean hackers have stolen $1.72 billion worth of cryptocurrency since 2017. And it doesn’t appear that it’s letting the recent crypto crash scare it off, as the recent ransoms were also paid in Bitcoin.
Though the hackers covered their tracks reasonably well, the targets, tactics and IP addresses have led police to believe this is the same group that hacked Korea Hydro & Nuclear Power in 2014. They also believe that the hackers will not cease their activity just because their efforts have been discovered. Authorities have urged people, especially those who work in sensitive areas like technology and government, to step up their security measures and be extra vigilant against phishing and social engineering attacks.