South's spy agency warns of hacking havoc during April election

The entrance to the National Intelligence Service in Seocho District, southern Seoul [NEWS1]

The National Intelligence Service (NIS) warned on Wednesday that hackers backed by the North could wreak greater havoc online as South Korea gears up for its general election.

According to an official from the spy agency who spoke to reporters at a closed-door briefing, over 80 percent of the 1.62 million hacking attempts committed against South Korean companies and public institutions last year have been traced back to the North’s agents.

The NIS official, who spoke on condition of anonymity, warned that the North could potentially undermine operations at South Korean banks and energy infrastructure through hacking to engender social chaos.

According to the spy agency, hacking to raise foreign currency has become widespread under leader Kim Jong-un among even the North’s IT workers, who used to disguise their identities to seek remote employment contracts with Western companies.

The NIS official noted that the scale of the North’s hacking operations is only likely to grow under Kim, who has turned to cyber theft to thwart international sanctions over his regime’s illicit weapons programs.

He also warned that the North would likely step up its theft of cyber assets, such as cryptocurrencies, while potentially extorting money from small- and medium-sized companies through targeted attacks.

The official noted that the North could extract money from victims by planting ransomware, which renders a user’s data inaccessible until they pay a fee, or through collusion with data recovery companies.

In October, South Korea and the United States issued a joint advisory to companies against hiring North Korean IT workers, warning that their income generates revenue for the regime’s nuclear and missile programs.

According to the U.S. State Department last year, North Korean IT workers working for Pyongyang collectively earned between $600 million and $1 billion in 2022 through cybercrime and foreign employment contracts.

The State Department also said that hiring IT workers from the North risks giving them “privileged access gained through these positions to enable malicious cyber operations.”

The official expressed concern that hackers backed by the North appear to have begun using AI-generated images and text to sow confusion and political discord in South Korea ahead of the general election scheduled to take place on April 10.

According to the official, the spy agency’s examination of cyber attacks from abroad found that although North Korean agents had likely committed the majority, 21 percent of damages incurred last year were the doing of Chinese-backed hackers.

Noting that recent attempts to influence South Korean public opinion included online posts and comments extolling China, the NIS cautioned that meddling in domestic affairs would only likely increase as Pyongyang, Beijing and Moscow increase their military and diplomatic cooperation against Washington and its allies.

BY MICHAEL LEE [lee.junhyuk@joongang.co.kr]