South Korean authorities believe North Korean hackers, who work for the government have targeted at least 892 of the country’s foreign policy experts. The effort focused on members of think tanks and academics and began in April. The attacks began with spear phishing emails, often pretending to be from figures in South Korea’s political system. These usually contained either links to fake websites or viruses as attachments. While the trick wasn’t particularly sophisticated, it was enough to fool at least a handful of victims.
As a result, several prominent experts had their personal information stolen, email lists were compromised (exposing more people to hackers), and 13 companies (mainly online retailers) fell victim to ransomware. Although police believe only 49 recipients actually provided credentials to the fake websites and only two companies paid the 2.5 million won (US$1,980) ransom, it’s difficult to assess the full extent of the fallout judge.
It is unclear what non-financial resources the North Korean hackers may have gained from this latest campaign. But it is certain that this will not be the last cyber attack on its southern neighbor. The county has previously targeted security researchers to discover unpatched vulnerabilities, even using the Itaewon Halloween tragedy as a tool to target South Korean citizens.
