Nearly one thousand foreign policy experts in South Korea were hit by a cyberattack, and officials assumed North Korea was responsible.
The assaults began with phishing emails including links to fake websites containing viruses.
North Korea Targets Foreign Policy Experts
Several foreign policy experts were targeted by hackers supported by the North Korean government in an attempt to collect personal information and email lists. The victims were lured into signing up for bogus websites, which exposed their login information to hackers.
According to the National Police Agency of South Korea, North Korean hackers reportedly launched ransomware operations against a number of online shopping malls. The targeting of tank specialists and academics began as early as April, with thirteen businesses operating 19 compromised servers.
The hackers sent phishing emails from several accounts and posed as a South Korean celebrity to a number of prominent entities, including the Office of Tae Yong-ho of the People Power Party and the Korea National Diplomatic Academy Official.
Forty-nine receivers out of 892 accessed the websites and signed into their accounts. However, according to the authorities, hackers have already masked their IP addresses and deployed 326 ‘detour’ servers in 26 locations to thwart internet tracing.
The corporation continues to assume that North Korea is responsible for all of these incidents, despite the fact that the case’s credentials were lacking and just two companies paid the $1,980 ransom. The current breaches may have been perpetrated by the same individuals that attacked Korea Hydro & Nuclear Power in 2014.
Read more: Elon Musk to resign as Tesla CEO; Who will replace him?
How Hackers Victimize Foreign Targets?
The IP addresses that reveal the origin of the assault show that North Korea is attempting to convince its targets to sign up for international websites by using diction from their country, along with specialists in diplomacy, inter-Korean unity, National Security, and Defense.
Additionally, the authorities are investigating the hacker group Kimusky. This is the first time South Koreans have identified their use of ransomware, which encrypts the contents on the target device and only requests decryption.
Recently, North Korea also attacked South Korea using hackers who exploited zero-day vulnerabilities and forged Itaewon incident documentation to entice victims.
Counter Cyber Terror Bureau Police Agency Chief Lee Gyu-bong revealed that they have been monitoring the email addresses from which phishing emails were sent to victims. In addition, the international bitcoin exchange market is now being inspected.
According to National Intelligence Services (NIS), cyberattacks may continue through 2023, as they have identified possible cyber threats to South Korea. President of NIS Paik Jong Wook warned that this will continue to take nuclear industry, space, semiconductor, national defense, and joint strategy technology from other nations.
Read more: Parkinson’s Disease: Prevalence can be 50% more than previous estimates