North Korean state-sponsored threat actors have been observed using ransomware. Police reports said it was the first time companies and organizations in neighboring South Korea had been targeted.
According to the South China Morning Post, South Korea’s National Police Agency said threat actors targeted at least 893 foreign policy experts in the country, hoping to steal their identity data and email lists.
Most of the initial victims were think tank experts and professors who were targeted by phishing emails.
The attackers posed as a secretary in the office of Tae Yong-ho of the ruling People’s Power Party, or as an official at South Korea’s National Diplomacy Academy. The emails, which were distributed as early as April 2022, either contained links to malicious websites or had malware attachments.
At least 49 people were duped into giving attackers access to their email accounts and private personal data, according to findings from law enforcement agencies.
That was enough to launch a ransomware attack on at least 13 companies, mostly online marketplaces, two of which have paid around 2.5 million won (just under $2,000) to regain access to their systems.
Efforts to identify those behind the attacks are ongoing, with police saying the threat actors used 326 “detour” servers in 26 countries to cover their tracks.
However, they believe the group is likely to be the same group that attacked South Korea’s hydro and nuclear power plants in 2014.
The main arguments for attributing the campaign to the North Koreans include the IP addresses used in the attacks, their attempts to get targets to log on to foreign websites, the use of Korean language, and the choice of targets (diplomatic experts, inter-Korean unification thinkers, national security and defense experts).
Via: Engadget