North hackers target national security network

The Ministry of Science, ICT and Future Planning warned yesterday that North Korean hacking attempts have been detected recently at small and midsize IT companies and institutions that deal directly with national security.

The companies, especially those under contract with government agencies, were affected by recent hacking due to their relatively poor security, the ministry said.

In the second half of last year, the number of phishing cases increased sevenfold to more than 60 compared to the first half, according to an official from the Science Ministry.

According to the ministry, hacking attempts have also been found in emails. For example, the North has spread mass emails that contain malware since last month.

North Korean hackers usually disguise emails as being from an acquaintance or colleague and send out fake event invitations or survey requests.

Hackers have passed themselves off as members of an academic society that studies North Korea, as well as officials from the Ministry of Unification, according to the ministry.

In January alone, there were 30 instances of such attempts. In December, similar emails were delivered to 159 people, including journalists and advisory board members related to both national security and free trade agreements.

“Hacking attempts through emails were pretty common in the private sector,” said the Science Ministry official. “What makes this case unique is that such attempts specifically target key figures from public institutions related to national security, including the Foreign Affairs Ministry, Unification Ministry and Defense Ministry.”

Also, the national cybersecurity administration confirmed that the hacking arose from IP addresses originating from North Korea.

According to AhnLab, email hacking is a long-term effort that attempts to collect small pieces of information about individuals from a variety of sources.

This method, known as spear phishing, targets specific persons or groups.

According to AhnLab, spear phishing is unique because most of the fake emails contain attachments.

The attackers embed malware that monitors or transfers information into attached files that appear normal and which have already been saved on the sender’s computer.

Hackers these days use different file types to avoid suspicion, from program execution files like .exe to non-program files like .doc, .pdf and .zip.

If the target group is small, the malware is meticulously customized, which makes it even more difficult for victims to identify.

Security solution companies usually develop all-purpose general vaccines that have been designed to protect against well known or previously activated malware.

The government explained that, compared to a different style that surfaced last year, spear phishing via email is a new cyberattack format.

Pyongyang used to be bold when trying to hack computers in the South.

On June 25, it directly broke through the Blue House and Prime Minister’s Office websites and made changes on web pages.

At the same time, the attack also damaged the servers of several major broadcasting stations and newspapers.

On March 20, the North targeted key financial institutions and media organizations in the South with a distributed denial of service attack (DDoS), which intentionally involves massive online traffic to paralyze a website.

The Science Ministry estimated that attempted hacking occurs as many as 2,000 times a week.

BY KIM JI-YOON [jiyoon.kim@joongang.co.kr]