Police said Friday that a North Korean hacker group was behind a series of phishing attacks this year targeting security experts in South Korea by sending them emails and inviting them to click on links to fake websites.
The scam, which took place between April and October, involved faking the identity of local reporters covering national security and an assistant to Rep. Tae Yong-ho, a former North Korean diplomat who defected to the South and is now a ruling party lawmaker.
Of the 892 people who received such emails, 49 had unwittingly given away their passwords. But none among those tricked were government employees, according to police, who noted the hackers compromised 326 computer servers scattered in 26 countries to mask the source of traffic.
Internet protocol addresses, the type of virus and the usage of a North Korean word in the latest scam were the same as the North Korea-backed attack on Korea Hydro and Nuclear Power in 2014. Police cited them as strong evidence that the same group was behind the infiltration.
The victims -- private citizens -- all had something to do with national security, another finding that also led police to blame North Korea. Ransomware attacks, police added, had forced some South Korean companies to pay the hackers to regain what they stole -- the first time such an exchange ever took place.
“We will mobilize all resources to prevent cybercrimes,” a senior police official said, urging companies to ramp up their security.
The latest finding comes as Seoul doubles down on efforts to manage cybersecurity risks involving Pyongyang. Earlier this month, South Korean authorities warned businesses against inadvertently hiring IT staff from North Korea who mask their true identities and take advantage of remote work opportunities to bypass international sanctions -- restraints the isolated country has yet to clear as it refuses to abandon its nuclear weapons program.
“These workers are making millions of dollars annually for the work they do for global IT companies. … And by the day, the money they bring in is making up a bigger part of the dollar operation,” authorities said in the advisory, referring to North Korea’s foreign remittances from its overseas workers -- a longstanding campaign believed to fund its nuclear buildup.