[Asia Economy Reporter Bu Aeri] A hacking group presumed to be from North Korea, 'Thallium,' has been found to have conducted email phishing attacks targeting individuals working in North Korea-related fields by impersonating Samsung Cloud.
Security company ESTsecurity announced on the 25th that it discovered an email phishing attack targeting individuals in North Korea-related fields by impersonating a major domestic corporation.
This attack used a method of sending meticulously crafted malicious emails to specific individuals in North Korea-related fields, making it appear as if they were sent from the 'Samsung Cloud Service.'
The email body included a notice stating that the use of the Samsung Cloud Service gallery was confirmed, along with emphasized text showing 'Frequently Asked Questions.' Clicking this text connects to a malicious URL pre-set by the attacker.
ESTsecurity confirmed that the IP address range used in this attack matches the activity range of the hacking group 'Thallium.'
Thallium is an organization that focuses attacks on domestic defense contractors, individuals working in North Korea research fields, defectors from North Korea, and journalists covering North Korea. Although the exact scale and existence are not precisely known, the industry views it as being backed by North Korea.
Moon Jonghyun, head of the ESRC Center at ESTsecurity, stated, "The Thallium group, known to be linked to a specific government, is conducting cyber espionage almost daily against domestic activists in North Korea-related fields, raising the level of threat," and added, "Since Thallium's attack methods are becoming increasingly diverse and sophisticated, special caution is required."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
