North Korea’s hackers target South Korea’s hacks

North Korea recently conducted numerous hacking attacks on prominent journalists from around 10 South Korean media outlets, according to a cyber-security source who spoke on the condition of anonymity.
According to the source, signs of attempted hacking of media organizations began on Aug. 5. These were tracked to North Korean hackers based on analysis of the tactics and technology employed.
The attacks on people in the media were a shift from the North’s recent cyber intrusions targeting South Korean agencies and former and current government officials.
The hacking attempts on South Korean media outlets took the form of e-mails sent to dozens of reporters and editors. The messages contained PDF attachments and requested responses to a survey. This also marked a change from the North Korean hackers’ previous use of Word and Hangul documents.
Once opened, the PDF attachments downloaded malicious code onto the victim’s computer. The code would check for the presence of anti-virus software before attempting to enter the internal network of the media outlet.
The downloaded malware collected documents and passwords stored on the computer. The code was also capable of monitoring screen activity and, in the case of mobile phones, stealing contact information and photographs.
An official with knowledge of the investigation into the latest hacking attempts said that the motive behind the hacking attacks was “to understand the current political sentiment regarding the U.S.-South Korean joint military drills and next year’s presidential election.”
He added, “Although the hackers sought personal information on the journalists who opened the e-mails, their main targets were the internal networks of media outlets.”
The source noted that the hacking attempts on media outlets bore certain similarities with the May hacking of the Korea Atomic Energy Institute.
In both cases, hackers used Virtual Private Networks (VPNs) utilized by employees to connect directly to their companies’ internal servers.
One weakness of VPNs is that once malware finds its way into a company’s internal network from an e-mail recipient, all information saved on the server can be stolen. It is also possible for such malware to alter articles, fabricate news stories, or destroy the network itself.
Following the ramping up of attacks by hackers tied to North Korea in the first half of this year, the National Intelligence Service (NIS) has raised the cyber alert level for public agencies from the lowest “normal” stage to “attention,” the first rise in the five-tier cyber alert level since the inter-Korean summit between President Moon Jae-in and North Korean leader Kim Jong-un in April 2018.
A slew of hacking attacks on South Korean government bodies and companies, which include Korea Aerospace Industries – the manufacturer of Korea’s first indigenous fighter jet – and Daewoo Shipbuilding and Marine Engineering, have led to criticism that the country has let down its guard against cyber-intrusions.
In early July, opposition People Power Party (PPP) lawmaker Han Ki-ho chastised the Defense Acquisition Program Administration, the country’s main defense development agency, for failing to conduct on-site inspections into defense companies’ security set-ups since last year.
BY MICHAEL LEE, PARK YONG-HAN