More North Korean cyberattacks likely in lead up to general election

North Korea

Published: 19 Jul. 2023, 19:51

More North Korean cyberattacks likely in lead up to general election

Baek Jong-wook, NIS deputy director on cybersecurity, gives a brief on North Korea's cyberattacks in the first half of this year at the National Cybersecurity Center in Seongnam, Gyeonggi, on Wednsedsay. [NATIONAL INTELLIGENCE SERVICE]

North Korea is launching more cyberattacks on the South and will likely launch even more ahead of next year's general election.

According to the National Intelligence Service (NIS), a daily average of 1.37 million cyberattacks were detected in the first half of the year. That’s roughly 15 percent more than the daily average of 1.18 million last year.

Some 70 percent of those attacks were by actors believed to be connected to North Korea.

China followed with 4 percent and Russia 2 percent.

“In our own internal index on cyberattacks, we raise the alert level when it goes above 45,” said Baek Jong-wook, NIS deputy director of cybersecurity.

“In the past, that figure didn’t go past 30, but in the first half of this year, it frequently went up above 30.”

The NIS said the attacks have not only become more frequent, but their targets have widened, and the tools used have grown more sophisticated.

In the past, the attacks mostly targeted major government institutions and agencies, or experts in diplomacy and security.

Today the attacks are aimed at random people.

“Recently there had been a case where North Korea hacked into a person’s cloud storage using stolen e-mail accounts and personal information and stole 1,000 credit card photos.”

Attacks on companies by hacking through security verification software have more than doubled in the first half of this year compared to the second half of 2022.

The NIS said one attack tried to penetrate the intranet of a major national institution by hacking a security product supplied to 250 institutions.

The NIS said they also found a case in which a North Korean IT expert tried to get hired by a South Korean company’s overseas branch.

In the past, North Korea IT experts would get work from South Korean companies as freelancers.

“To get hired by a South Korean overseas office, he used forged passports and diplomas,” a NIS official said. “They almost got hired.”

The NIS said it took particularly note of North Korea's recently appointment of Kim Yong-chol as an advisor to the United Front Department.

Kim is suspected of playing key roles in cyberattacks committed by North Korea, including the hacking of Sony Pictures in 2014.

He is also known as the mastermind behind several major attacks on South Korea, including the sinking of the naval vessel ROKS Cheonan in 2010 and the shelling of Yeonpyeong Island the same year.

Kim also accompanied North Korean leader Kim Jong-un in meeting with then-U.S. President Donald Trump in Singapore and Vietnam.

“There is a possibility that [North Korea] could try to create social chaos using large-scale cyber provocations,” a NIS official said.

North Korea could also increase cyber thefts.

The state is accused of stealing $700 million through cryptocurrency theft last year, according to the NIS.

“That’s almost the cost of firing 30 intercontinental ballistic missiles,” a NIS official said.

The NIS said it is increasing its monitoring, especially in the lead up to next April's general election.

The spy agency disclosed its evaluation of the cybersecurity of public institutions for the first time Wednesday.

It has conducted internal evaluations since 2007.

Some 25 public institutions, including the Korea Hydro and Nuclear Power Co. and the Health and Insurance Review and Assessment Service, received high points.

Another 25 institutions, including Korail and the Korea Land and Housing Corp., did not.

BY YOUN SANG-UN, LEE HO-JEONG [lee.hojeong@joongang.co.kr]