North Korean government hackers discovered ransomware use for the first time

North Korean state-sponsored threat actors have been observed using it ransomware The police reported for the first time against companies and organizations in neighboring South Korea.

According to the South China tomorrow postSouth Korea’s National Police Agency said threat actors have targeted at least 893 foreign policy experts in the country to steal their identity data and email lists.

The first victims were mostly think tank experts and professors who were targeted with phishing emails.

Ransomware from North Korea

The attackers would pose as the secretary of Tae Yong-ho’s office of the ruling People Power Party or an official at the Korea National Diplomatic Academy. The emails, which began sending as early as April 2022, contained either links to malicious websites or malware as attachments.

According to the law enforcement organization, at least 49 people fell for the trick and gave the attackers access to their email accounts and private, personal information.

That was enough to launch ransomware attacks against at least 13 companies (mainly online malls), with two companies already paying around 2.5 million won (nearly US$2,000) to regain access to their systems.

The search for the exact masterminds behind these attacks is ongoing, with police saying the attackers used 326 “redirect” servers in 26 countries to cover their tracks.

However, they believe the group is most likely the same ones that attacked Korea Hydro & Nuclear Power in 2014.

The main arguments that North Koreans are behind this campaign are the IP addresses used in the attack, their attempts to trick the targets into logging on to foreign websites, the use of North Korean idioms, and the choice of targets (diplomacy experts , inter-Korean unification thinkers, national security and defense experts).

• Here is an overview of the best firewalls today

Above: Engadget (opens in new tab)

This article was previously published on Source link