Connect with us

Hi, what are you looking for?



S Korea Seeks Interpol Notice for Two Cyber Gang Leaders

South Korea said Friday it’s asked Interpol for help to arrest two foreigners it alleges played a leading role in cyberattacks and large-scale extortion that targeted South Korean and U.S. companies.

South Korea said Friday it’s asked Interpol for help to arrest two foreigners it alleges played a leading role in cyberattacks and large-scale extortion that targeted South Korean and U.S. companies.

The Korean Police Agency said it has received domestic arrest warrants and requested Interpol to issue a “red notice” for the two suspects in an effort to bring them to South Korea.

South Korean authorities did not publicly release the name or further information on the two suspects for whom they requested the Interpol notice — except that one is a Ukrainian national.

The suspect who is a Ukrainian national was among six people detained by Ukrainian police in June, when South Korean and U.S. authorities joined in raids on the homes of suspects affiliated with the Clop ransomware syndicate in Kyiv and elsewhere. The police operations targeted alleged associates of a Russian-speaking ransomware gang blamed for a half billion dollars in damages in cyberattacks that scramble data and can only be stopped with a software key obtained by paying the criminals.

The most potent ransomware gangs operate with Kremlin tolerance, based out of reach of Western law enforcement. Russian authorities neither prosecute nor extradite them.

A South Korea police statement said the suspects detained in Ukraine in June allegedly collaborated with a hacking organization and laundered the virtual currency they obtained through the ransomware and converted them for cash.

Earlier this month, South Korean police decided to take steps to have three of those earlier detained in Ukraine, and another person whose nationality they refuse to disclose, charged with violating South Korea’s laws on communication networks and information protection, extortion and concealing criminal proceeds.

Advertisement. Scroll to continue reading.

South Korea is now looking to extradite what it says are the two suspects of that group who played a leading role in the cyberattacks, said Choi Jongsang, chief of cybercrime investigation division at the Korea police agency.

Bringing them to South Korea still may not be easy.

A Ukraine law doesn’t allow local criminal suspects to be extradited to a foreign country and the legal status and whereabout of one of the suspects isn’t known, Choi said.

He said three companies and a university in South Korea were hit by the ransomware attacks in 2019 and that they were extorted to pay a Bitcoin ransom equivalent to 4.5 billion won ($3.8 million) in cash in total.

An earlier Ukraine police statement said the gang also targeted U.S. universities, including Stanford Medical School and the University of Maryland.

South Korean police said they’ll continue an investigation to the get to the bottom of the hacking group responsible for the cyberattacks. Police didn’t identify where that organization is based and where its hackers are from.

Related: Ukraine Police Seize Cash in Raids on Major Ransomware Gang

Related: Ukrainians Extradited to U.S. for Providing Money Laundering Services to Cybercriminals

Related: Two ‘Prolific’ Ransomware Operators Arrested in Ukraine

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...