SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Suspected N. Korean Hackers Target S. Korea-US Drills

North Korea-linked “Kimsuky” hackers carried out “continuous malicious email attacks” on contractors working at the war simulation centre.
North Korean hacking Ulchi Freedom Shield

Suspected North Korean hackers have attempted an attack targeting a major joint military exercise between Seoul and Washington that starts on Monday, South Korean police said.

South Korea and the United States will kick off the annual Ulchi Freedom Shield drills on Monday through August 31 to counter growing threats from the nuclear-armed North.

Pyongyang views such exercises as rehearsals for an invasion and has repeatedly warned it would take “overwhelming” action in response.

The hackers — believed to be linked to a North Korean group dubbed Kimsuky — carried out “continuous malicious email attacks” on South Korean contractors working at the allies’ combined exercise war simulation centre, the Gyeonggi Nambu Provincial Police Agency said in a statement on Sunday.

“Police investigation confirms that North Korean hacking group was responsible for the attack,” it said in a statement, adding that military-related information was not stolen.

A joint investigation by the police and the US military found that the IP address used in the latest attack matched one identified in a 2014 hack against South Korea’s nuclear reactor operator blamed on the group, according to the statement.

The Kimsuky hackers use “spearphishing” tactics — sending malicious attachments embedded in emails — to exfiltrate desired information from victims. According to findings by the US Cybersecurity and Infrastructure Security Agency in 2020, Kimsuky is “most likely tasked by the North Korean regime with a global intelligence gathering mission.”

The group — believed to be active since 2012 — targets individuals and organizations in South Korea, Japan, and the United States, focusing on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions, it added.

Advertisement. Scroll to continue reading.

Related: US, South Korea Detail North Korea’s Social Engineering Techniques

Related: US Sanctions North Korean University for Training Hackers

Related: North Korean Hackers Target Mac Users With New ‘RustBucket’ Malware

Related: North Korean Group Kimsuky Targets Government Agencies With New Malware

Written By

AFP 2023

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Virtual Event: Ransomware Resilience & Recovery Summit
April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Mike Dube has joined cloud security company Aqua Security as CRO.

Cody Barrow has been appointed as CEO of threat intelligence company EclecticIQ.

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

More People On The Move

Expert Insights

Related Content

Cyberwarfare Main Threat to US: Poll

Cyberwarfare

Cyberwarfare Main Threat to US: Poll

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

January 6, 2014
Russia hackers hit Microsoft Russia hackers hit Microsoft

Cybercrime

Microsoft Warns of Office Zero-Day Attacks, No Patch Available

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

July 11, 2023
Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services

Cyberwarfare

Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

April 28, 2023
Cisco zero-day CVE-2023-20109 exploited Cisco zero-day CVE-2023-20109 exploited

Malware & Threats

Chinese Gov Hackers Caught Hiding in Cisco Router Firmware

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

September 27, 2023
Israel-Hamas cyberattacks Israel-Hamas cyberattacks

Cyberwarfare

Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks 

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

October 9, 2023
Details of Stuxnet Cyberattack Details of Stuxnet Cyberattack

Cyberwarfare

Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

January 10, 2024
VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Application Security

VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

December 13, 2022
Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Application Security

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

December 12, 2022