RFA, Some Defectors Receive 'Phishing Emails'
Security Experts Suspect North Korea
Government "No Reports of Damage Yet, But Caution Advised"
[Asia Economy Reporter Jang Hee-jun] Following the fire at the SK C&C Pangyo Data Center that caused service disruptions for Kakao, there are observations suggesting that North Korea attempted hacking. This incident has also led to analyses that the North may engage in modified hacking attempts.
According to the US-based Radio Free Asia (RFA) on the 18th, North Korean industry insiders and some defectors received a phishing email titled '[Kakao] Partial Service Error Recovery and Emergency Measures Notice' on the 16th, one day after the Kakao service disruption occurred.
The email was sent from an account named 'Kakao Team (account_support)'.
The problematic email referenced the service disruption caused by the Pangyo Data Center fire and urged recipients to download an attached file named 'Kakao TalkUpdate.zip', stating, "To ensure smooth use of the PC version of KakaoTalk, please use the updated PC version of KakaoTalk."
Kakao stated regarding the email, "Emails sent by Kakao do not request personal information including account details, nor do they send emails with attached files." They also noted that this is the first reported case of such impersonation emails and warned that there may be attempts to steal personal information.
Several domestic security experts have diagnosed this incident as the work of North Korea. Since North Korean hackers can remotely control the target’s personal computer if their attack succeeds, it is evaluated that the main purposes were information gathering or monitoring computer users.
Moon Jong-hyun, Director at East Security, said, "Considering the email was sent just one day after the incident, it appears that North Korea swiftly and precisely exploited a social issue in South Korea," adding, "They may have learned the impact of the nationwide internet service outage and could attempt modified hacking attempts."
Earlier, the Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) announced on the 17th that they confirmed a hacking email disguised as a KakaoTalk installation file distributed by Kakao, which induced installation of malicious programs, and urgently blocked the distribution sites.
An official from the Ministry of Unification stated, "As of now, there are no reported damage cases related to this at the Ministry of Unification level," and added, "We will check with the relevant departments and notify again if there are any reported cases."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
