A hacking group, believed to be Kimsuky, stands accused of orchestrating a scheme to pilfer cryptocurrency for the North Korean regime by impersonating South Korean officials and journalists.
South Korea’s police agency reports that 1,468 individuals, including 57 government officials from diplomatic, military, and national security sectors, fell prey to the campaign between March and October 2023.
Screenshot taken from Korea JoongAng Daily
The attacks, involving malware installation attempts, marked a nearly 30-fold increase in email account hijackings compared to the previous year, indicating a shift towards targeting the general public.
Who is Kimsuky?
Kimsuky, a state-sponsored hacking group known for intelligence gathering and financial theft on behalf of North Korea, sought to acquire victims' personal information, IDs, and passwords, alongside cryptocurrency.
The Korean National Police Agency reveals that the hacking group diversified its targets beyond diplomats and security experts.
Employing social engineering tactics, Kimsuky sent boobytrapped emails, masquerading as government bodies, research institutes, and journalists, aiming to deceive recipients into clicking on malicious links or opening infected files.
One deceptive email purportedly offering a document from South Korea’s health insurance service directed users to a phishing website.
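The two tell-tale signs described above, a sender display name that claims a government body while the address domain is not that body's, and link text that shows one URL while the real destination is another, can be checked mechanically. This is an added example written for this article, not code from the police report or any vendor; the allow-list, domains and message are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list of the domains each impersonated body really sends from (placeholders).
KNOWN_ORG_DOMAINS = {"national health insurance service": {"health-insurance.example.gov"}}

# Constructed sample: the display name claims a public body, the sending domain is not
# that body's, and one link's visible URL has a different host than its real href.
SAMPLE_EMAIL = """From: "National Health Insurance Service" <notice@nhis-docs.example.net>
To: staff@example.org
Subject: Your insurance document is ready
Content-Type: text/html

<html><body><p>Please review your statement.</p>
<a href="http://login-verify.example.net/doc">https://health-insurance.example.gov/doc/123</a>
<a href="https://health-insurance.example.gov/help">Help desk</a>
</body></html>
"""

# Good enough for this sample; a production filter should use a real HTML parser.
ANCHOR_RE = re.compile(r'<a\s[^>]*?href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def check_sender(from_header):
    """Flag a display name that claims a known body while the address domain is not its own."""
    name, addr = parseaddr(from_header)
    claimed, domain = name.strip().lower(), addr.rsplit("@", 1)[-1].lower()
    allowed = KNOWN_ORG_DOMAINS.get(claimed)
    if allowed and not any(domain == d or domain.endswith("." + d) for d in allowed):
        return f"display name '{name}' but sender domain {domain}"
    return None

def mismatched_links(html):
    """Return (visible text, href) pairs where the shown URL's host differs from the real one."""
    return [(t.strip(), h) for h, t in ANCHOR_RE.findall(html)
            if t.strip().lower().startswith(("http://", "https://"))
            and urlparse(t.strip()).hostname != urlparse(h).hostname]

def analyse(raw):
    """Run both checks over a raw RFC 5322 message and return the findings."""
    msg = message_from_string(raw)
    findings = ["sender: " + s] if (s := check_sender(msg["From"])) else []
    for text, href in mismatched_links(msg.get_payload()):
        findings.append(f"link: shows {text} but points to {href}")
    return findings

if __name__ == "__main__":
    print(*analyse(SAMPLE_EMAIL), sep="\n")
```

A legitimate message from an allow-listed domain (or one of its subdomains) with honest link text produces no findings, so the checks can run as a mail-gateway rule without flagging ordinary correspondence.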
Active since 2012, Kimsuky previously targeted the United Nations Security Council and South Korea's Atomic Energy Research Institute.
Tensions Between South and North Korea
South Korea alleges the group’s involvement in North Korea’s satellite development.
As tensions rise with North Korea launching its first spy satellite into orbit, individuals and organisations at risk of such attacks are advised to employ up-to-date antivirus software.
Additionally, they should enable multi-factor authentication, use robust passwords, and educate users about the dangers of opening suspicious documents.
Recent alerts from the United States and South Korea also caution companies that they may inadvertently hire North Korean operatives as remote IT workers, giving attackers an additional foothold inside the organisation.