Studies stretching back to April have focused on think tank members and academics. The attacks began with spear phishing emails, often claiming to come from figures in South Korea’s political system. These often contained links to fake sites or viruses.
The result was the personal data of several prominent experts being stolen, their email lists hijacked (and more exposed to hackers), and 13 companies (mostly online retailers) falling victim to ransomware. The extent of the victimization is not fully known, although police believe that only 49 buyers handed over their credentials to fraudulent sites and that only two companies paid a ransom of 2.5 million won (about $2,000).
North Korea gave the start of cyber war!
It is not yet clear what other resources the North Korean hackers obtained from this latest attack, but it certainly won’t be the last cyberattack on its southern neighbor. The group has previously targeted researchers over security vulnerabilities and even used the tragedy in Itaewon on Halloween as bait for this purpose.
Cyber warfare has been one of North Korea’s powerful weapons for years, although it tries to deter foreign armies by more traditional means, such as obtaining nuclear weapons. This piracy continues to be an important source of income for the country, which is in constant financial crisis and is largely cut off from world markets. It is estimated that North Korean hackers have stolen $1.72 billion worth of cryptocurrencies since 2017.
While the hackers reasonably covered their tracks, the targets, tactics and IP addresses led police to believe this group was the group that hacked Korean Hydro and Nuclear Power in 2014. Authorities urged people, especially those working in sensitive areas such as technology and government, to step up security measures and be extra vigilant against bait and human engineering attacks.