Hackers with the backing of foreign governments will aggressively target information on Seoul’s national security strategies in the runup to the presidential election next March, the South Korean spy agency warned in its recent annual report.

The National Cyber Security Center, under the auspices of the National Intelligence Service, last week released the annual report entailing cyber threat assessments and predictions, as well as its countermeasures.

In the report, the NCSC predicted that nation-state threat actors backed by governments would “intensively steal information on South Korea’s pending security issues and government policies” next year, citing the March 9 presidential election as the reason.

The NIS-affiliated agency explained there would be growing interest by hackers in the South Korean government policy toward North Korea and the US before and after the presidential election. But the NCSC did not elaborate on which countries would likely spearhead the cyberattacks.

The NCSC also warned that hackers would continue multifaceted cyberattacks next year. The agency foresaw that hackers would expand advanced ransomware attacks targeting major social infrastructures and information technology service providers and increasingly carry out “omnidirectional cyberattacks” on private companies and research institutes in high-tech industries such as biotech and defense.

In the report, the NCSC pointed out that nation-state cyberattacks against South Korean public and private sectors increased by 9 percent in the first half of this year compared to the second half of 2020. But it did not state which countries supported such operations.

The uptick notably reversed the recent trend in the number of attacks tied to governments having decreased by 32 percent overall last year from 2019.

In particular, the NCSC said that North Korean hackers operating on behalf of the Reconnaissance General Bureau increasingly attempted to target South Korean organizations in the fields of defense, foreign affairs and unification and steal related information in the first half of this year.

The RGB, North Korea’s primary intelligence organization, is mainly responsible for cyber activities and has been sanctioned by the United Nations and US Treasury.

The US government views North Korea’s major hacking groups, including Lazarus Group, Bluenoroff and Andariel, as being controlled by the RGB. The US also attributes responsibility of large-scale cyber operations such as the WannaCry 2.0 ransomware attacks and Sony Pictures hack to the RGB.

In the annual report, the NCSC suggested there was a correlation between the South-North relationship and the number of cyber incidents.

The agency said there was a transient increase in June 2019 when there were turbulent changes in inter-Korean relations including North Korea’s unilateral demolition of an inter-Korean liaison office in the North’s Kaesong.

In general, the NCSC analyzed that the most common type of cyberattack against South Korea this year has been information theft, while attacks to extort funds including cryptocurrencies also frequently occurred.

The agency added that there was an uptick in “supply chain attacks” this year, in which nation-state threat actors infiltrate organizations by targeting less-secure elements of the software vendor‘s network, and employ malicious code before the vendor distributes a software program to customers.

The NIS-affiliated agency also classified attacks by criminal syndicates using ransomware and the dark web, including stealing virtual assets from individual traders, as a “major threat” this year.

The NIS has enhanced its role in strengthening South Korea’s cybersecurity since the National Intelligence Service Korea Act was revised in December 2020, which stipulates the agency’s responsibility for protecting the people against cyberattacks and other new security threats.

By Ji Da-gyum (dagyumji@heraldcorp.com)