Cyberwarfare

Suspected N. Korean Hackers Target S. Korea-US Drills

North Korea-linked “Kimsuky” hackers carried out “continuous malicious email attacks” on contractors working at the war simulation centre.

Published

Suspected North Korean hackers have attempted an attack targeting a major joint military exercise between Seoul and Washington that starts on Monday, South Korean police said.

South Korea and the United States will kick off the annual Ulchi Freedom Shield drills on Monday through August 31 to counter growing threats from the nuclear-armed North.

Pyongyang views such exercises as rehearsals for an invasion and has repeatedly warned it would take “overwhelming” action in response.

The hackers — believed to be linked to a North Korean group dubbed Kimsuky — carried out “continuous malicious email attacks” on South Korean contractors working at the allies’ combined exercise war simulation centre, the Gyeonggi Nambu Provincial Police Agency said in a statement on Sunday.

“Police investigation confirms that North Korean hacking group was responsible for the attack,” it said in a statement, adding that military-related information was not stolen.

A joint investigation by the police and the US military found that the IP address used in the latest attack matched one identified in a 2014 hack against South Korea’s nuclear reactor operator blamed on the group, according to the statement.

The Kimsuky hackers use “spearphishing” tactics — sending malicious attachments embedded in emails — to exfiltrate desired information from victims. According to findings by the US Cybersecurity and Infrastructure Security Agency in 2020, Kimsuky is “most likely tasked by the North Korean regime with a global intelligence gathering mission.”

The group — believed to be active since 2012 — targets individuals and organizations in South Korea, Japan, and the United States, focusing on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions, it added.

Advertisement. Scroll to continue reading.

Related: US, South Korea Detail North Korea’s Social Engineering Techniques

Related: US Sanctions North Korean University for Training Hackers

Related: North Korean Hackers Target Mac Users With New ‘RustBucket’ Malware

Related: North Korean Group Kimsuky Targets Government Agencies With New Malware

In this article:

Related Content

CVE-2024-21338 zero-day exploited by North Korea

Email Security

US Says North Korean Hackers Exploiting Weak DMARC Settings 

The US government warns of a North Korean threat actor abusing weak email DMARC settings to hide spear-phishing attacks.

6 days ago

Malware & Threats

North Korean Hackers Hijack Antivirus Updates for Malware Delivery

A North Korea-linked threat actor hijacked the update mechanism of eScan antivirus to deploy backdoors and cryptocurrency miners.

April 24, 2024

Malware & Threats

Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack

North Korean group Lazarus exploited AppLocker driver zero-day CVE-2024-21338 for privilege escalation in attacks involving FudModule rootkit.

February 29, 2024

Cyberwarfare

South Korea Says Presumed North Korean Hackers Breached Personal Emails of Presidential Staffer

South Korean President Yoon Suk Yeol’s office said presumed North Korean hackers breached the personal emails of one of his staff members.

February 14, 2024

Nation-State

UN Experts Investigating 58 Suspected North Korean Cyberattacks Valued at About $3 Billion

U.N. experts are investigating 58 suspected North Korean cyberattacks valued at approximately $3 billion, with the money reportedly being used fund development of weapons...

February 10, 2024

Malware & Threats

New ‘SpectralBlur’ macOS Backdoor Linked to North Korea

SpectralBlur is a new macOS backdoor that shows similarities with North Korean hacking group’s KandyKorn malware.

January 5, 2024

Malware & Threats

North Korean Hackers Developing Malware in Dlang Programming Language

North Korean hackers have used Dlang-based malware in attacks against manufacturing, agriculture, and physical security organizations.

December 11, 2023

Cybercrime

North Korean Hackers Have Stolen Over $3 Billion in Cryptocurrency: Report

Recorded Future calculates that North Korean state-sponsored threat actors are believed to have stolen more than $3 billion in cryptocurrency.

December 4, 2023

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version