A stock image of a hacker in a hoodie (123rf)

North Korean hackers were found to be responsible for sending 126,266 emails to steal the personal information of online users in South Korea from November to January, according to the Korean National Police Agency, Tuesday.

The KNPA's National Office of Investigation announced that a North Korean hacker group sent emails titled “Defense Counterintelligence Command’s Martial Law Document” on Dec. 11, eight days after former President Yoon Suk Yeol’s martial law declaration.

While investigating the case, the police confirmed that over three months the group's email hacking targeted 17,744 South Koreans working in the fields of unification, diplomacy, national defense and security.

Though the police did not release details about the hacker group’s identity, including its name or link with North Korean agencies, Seoul officials said they confirmed the hackers’ server was identical to one used in past North Korea-linked cases.

Police added that, after investigating the servers, they found the hacker group had attempted to collect information about North Korean defectors and the South Korean military.

The content of the emails varied widely, ranging from the martial law-themed documents to North Korea’s political outlook, invitations to concerts by popular artists and tax refund notifications. The emails impersonated the recipient’s acquaintances by inserting additional characters into the original IDs and replacing parts of web addresses with visually similar letters, such as writing "rn" instead of "m."
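The two impersonation tricks described above can be checked for on the receiving side. The following is an added example, not code from the police report or the article: it compares an incoming sender address against a recipient's known contacts and flags look-alike domains and padded IDs. The addresses, the confusable list and the function names are constructed for illustration.

```python
# Added example: flag sender addresses that imitate a known contact.
# All addresses used with this code are constructed samples.

# Visually similar sequences folded to one form (assumed, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(text: str) -> str:
    """Lowercase and fold look-alike sequences so 'exarnple' == 'example'."""
    text = text.lower()
    for fake, real in CONFUSABLES:
        text = text.replace(fake, real)
    return text


def is_insertion_of(known: str, seen: str, max_extra: int = 2) -> bool:
    """True if `seen` is `known` with 1..max_extra characters inserted."""
    extra = len(seen) - len(known)
    if not 0 < extra <= max_extra:
        return False
    remaining = iter(seen)
    # Subsequence test: every char of `known` appears in `seen`, in order.
    return all(ch in remaining for ch in known)


def classify_sender(sender: str, contacts: set[str]) -> str:
    """Return 'known', 'unknown', or which contact the sender imitates."""
    sender = sender.lower()
    if sender in contacts:
        return "known"
    local, _, domain = sender.partition("@")
    for contact in sorted(contacts):  # sorted for a deterministic result
        c_local, _, c_domain = contact.partition("@")
        # Same text once look-alike letters are folded: "rn" for "m", etc.
        if skeleton(sender) == skeleton(contact):
            return f"lookalike-of:{contact}"
        # Same (or look-alike) domain, ID padded with a few extra characters.
        same_domain = skeleton(domain) == skeleton(c_domain)
        if same_domain and is_insertion_of(c_local, local):
            return f"padded-id-of:{contact}"
    return "unknown"
```

A mail filter or client plug-in could attach the returned label to the message as a warning banner; an exact match is the only case treated as a known sender.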

The hacking emails commonly contained a link which, when clicked, would direct users to a phishing site that asked them to log in with their personal accounts, according to the police.

The officials announced that 120 people were hacked this way.

While pledging utmost efforts toward strict, speedy measures against any type of cyberattack and a cooperative system to respond to hacking attempts, the police asked online users to prevent damage by not opening emails from unidentified senders.


sj_lee@heraldcorp.com