North Korean government hackers found using ransomware for the first time

State-sponsored North Korean threat actors have been observed using ransomware against businesses and organizations in neighboring South Korea for the first time, police said.

According to the South China Morning Post, South Korea's national police agency said threat actors targeted at least 893 foreign policy experts in the country, seeking to steal their identity data and mailing lists.

The first victims were mainly experts in think tanks and professors, who were targeted by phishing emails.

North Korean Ransomware

The attackers allegedly posed as secretaries in Tae Yong-ho's office of the ruling People's Power Party or as officials of the Korea National Diplomatic Academy. The emails, which began circulating in April 2022, allegedly contained links to malicious websites or carried malware as attachments.

According to the law enforcement organization's findings, at least 49 people fell for the trap, giving the attackers access to their email accounts and private personal data.

This was enough to launch ransomware attacks against at least 13 companies (mainly online shopping malls), and two companies have already paid around 2.5 million won (just under $2,000) to regain access to their systems.

The search to find out exactly who is behind these attacks continues, with police saying threat actors used 326 'divert' servers in 26 countries to cover their tracks.

However, they believe the group is likely the same one that attacked Korea Hydro & Nuclear Power in 2014.

The main evidence pointing to North Korea in this campaign includes the IP addresses used in the attack, the attempts to trick targets into logging into foreign websites, the use of North Korean diction, and the choice of targets (experts in diplomacy, inter-Korean relations, unification, national security and defense).

Via: Engadget