North Korean hackers targeted S. Korea

2024-05-19 21:29:31      点击：313

gettyimagesbank

By Lee Hyo-jin

North Korean hackers carried out cyberattacks throughout the last several months targeting combined military drills between South Korea and the United States, according to Gyeonggi Nambu Provincial Police Agency, Sunday.

Despite the continued cyberattacks, the police confirmed that no military-related information was compromised.

Through a months-long investigation, law enforcement authorities found that the hacking attempts were orchestrated by "Kimsuky," a state-backed North Korean hacking group.

Beginning April 2022, the North Korean hacking group sent malicious emails to employees of a domestic War Game operating company, who were dispatched to the South Korea-U.S. combined military exercise battle simulation center since February this year.

In January, the hackers succeeded in installing a malicious code on one of the company's computers after hijacking the email account of a staff member. Since then, the hackers were able to spy on emails sent and received by the employees of the War Game operating company on a real-time basis and gained unauthorized access to the personal information of all the staff members.

Using the data, the hacker group began to distribute to the employees more malicious email messages disguised as receipts for withholding tax.

Although some workers tried to open the attached documents in the emails, no military-related information was stolen as the U.S. national defense digital network blocked the malicious code.

Through a joint probe with the U.S. military investigation agency, the police found that the IP address used in the attempted cyberattacks was the same as the one used by a group which hacked into the computer network of Korea Hydro & Nuclear Power in 2014.

Based on a comprehensive assessment, such as similarities to previous attacks in terms of methods of infiltration and the presence of some North Korean vocabulary in the emails, the law enforcement authorities determined "Kimsuky" to be behind the latest hacking attempt.

To prevent further damage from North Korea's cyberattacks, the authorities have implemented protective measures on computers affected by the cyberattacks and provided security training to employees involved in the South Korea-U.S. combined exercise.

"This incident is an example of smooth cooperation and preemptive measures taken by South Korea and the U.S. to prevent the leak of data from the U.S. Forces in Korea (USFK)," said Lee Sang-hyun, head of the national security investigation division. "We will continue to actively respond to North Korea's cyberattacks that pose a threat to national security."

The police added that they will continue to keep a close eye on potential hacking attempts by the North as a major South Korea-U.S. combined drill is set to kick off from Monday. The annual Ulchi Freedom Shield (UFS) exercise, featuring various contingency drills, such as a computer simulation-based command post exercise, will be held for 11 days.