North Korean government hackers found using ransomware for the first time
More than a dozen online malls targeted with ransomware, South Korean police say
North Korean state-sponsored threat actors have been observed using ransomware against companies and organizations in neighboring South Korea for the first time, police have reported.
According to the South China Morning Post, the South Korean National Police Agency said threat actors targeted at least 893 foreign policy experts in the country, looking to steal their identity data and email lists.
The initial victims were mostly think tank experts and professors, who were targeted with phishing emails.
North Korea ransomware
The attackers would pose as a secretary from the office of Tae Yong-ho of the ruling People Power Party, or an official from the Korea National Diplomatic Academy. The emails, whose distribution started as early as April 2022, would either carry links to malicious websites or would carry malware as attachments.
According to the law enforcement organization’s findings, at least 49 people fell for the trick, and gave the attackers access to their email accounts and private, personal data.
That was enough to launch ransomware attacks against at least 13 companies (mostly online malls), with two companies already paying around 2.5 million won (just below $2,000) to regain access to their systems.
The quest to uncover exactly who is behind these attacks is underway, with police saying the threat actors used 326 “detour” servers in 26 countries to cover their tracks.
However, they believe the group is most likely the same one that attacked Korea Hydro & Nuclear Power back in 2014.
The main arguments that North Koreans are behind this campaign include the IP addresses used in the attack, their attempts to get the targets to sign into foreign websites, the use of North Korean diction, and the choice of targets (diplomacy experts, inter-Korean unification thinkers, national security and defense experts).
Via: Engadget
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.