Attempted Information Theft Targeting North Korea Experts
Long-Term Collection of Private Data as a 'Mid-to-Long-Term Strategy'
"Concerns Over Evolving Attacks Following Kakao Outage Incident"
National Intelligence Service's Swift Response to Multi-Front Cyber Attacks
[Asia Economy Reporter Jang Hee-jun] North Korea's hacking attempts targeting individuals rather than governments or institutions are increasing. Experts in North Korea-related diplomacy, security, and military affairs are the main targets, and analysts suggest the intent is to steal South Korea's North Korea-related information or to recruit experts. Some raise concerns that North Korea might launch surprise cyberattacks amid the nuclear threat situation.
According to the National Intelligence Service on the 29th, the average daily number of hacking attempts by international and state-backed hacking groups reaches 1.15 million. The intelligence authorities judge that many of these are the work of North Korea. In fact, North Korea has frequently carried out cyberattacks targeting the South recently. A notable point in the recently detected cases is the increasing frequency of attacks attempting to steal personal information from civilians.
North Korea's Coveted Targets: Professionals in the North Korea-related Fields
Security company ESTsecurity confirmed on the 26th that North Korea sent a large number of emails disguised as invitations to an event hosted by the Institute of Foreign Affairs and National Security (IFANS) of the Korea National Diplomatic Academy. This event is actually scheduled to be held on the 2nd of next month. North Korea distributed a Google Docs survey form designed to appear as if it was accepting participation applications. The domain 'epizy.com,' commonly found in recent North Korean hacking attacks, was a clue.
The fake survey's address is 'docxooqle.epizy.com,' which resembles the actual Google Docs website address 'docs.google.com.' When victims enter their name, affiliation, position, and contact information, the initial information theft occurs, and they are then redirected to 'accounts.qocple.epizy.com.' A fake Google login screen then appears, exposing the victim's Google account to the risk of compromise.
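The two clues described above (a recurring hosting domain and a hostname label that imitates 'google') can be turned into a simple triage check for mail gateways or proxy logs. The following is an added example, not code from ESTsecurity or the article; the letter-folding table, the distance threshold, and the `http://` scheme on the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Brand the lure imitates and its legitimate registrable domain (from the article).
BRAND, LEGIT_DOMAIN = "google", "google.com"
# Hosting domain the article names as a recurring clue in these campaigns.
WATCHED_PARENTS = {"epizy.com"}
# Assumption: a minimal look-alike letter folding, not a full confusables table.
FOLD = str.maketrans({"q": "g", "c": "o"})


def registrable(host: str) -> str:
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def brand_distance(label: str, brand: str = BRAND) -> int:
    """Fewest differing characters between the brand and any same-length window
    of the folded label (len(brand) + 1 when the label is shorter than the brand)."""
    folded = label.translate(FOLD)
    n = len(brand)
    windows = (folded[i:i + n] for i in range(len(folded) - n + 1))
    return min((sum(a != b for a, b in zip(w, brand)) for w in windows), default=n + 1)


def triage(url: str, max_distance: int = 1) -> list[str]:
    """Return the reasons a URL resembles the lure described above (empty list = no hit)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    parent = registrable(host)
    if parent == LEGIT_DOMAIN:
        return []  # genuinely under the brand's own domain
    reasons = []
    if parent in WATCHED_PARENTS:
        reasons.append(f"hosted under watched domain {parent}")
    for label in host.split(".")[:-1]:  # every label except the TLD
        if brand_distance(label) <= max_distance:
            reasons.append(f"label '{label}' imitates '{BRAND}'")
    return reasons


# Hostnames quoted in the article plus the legitimate one; scheme and paths are constructed.
SAMPLES = [
    "http://docxooqle.epizy.com/",
    "http://accounts.qocple.epizy.com/",
    "https://docs.google.com/forms/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", triage(url) or "no hit")
```

A one-character tolerance also flags benign words that happen to sit close to the brand name, so hits are leads for review rather than verdicts.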
Unlike hacking aimed at retaliating against regime criticism or raising funds for nuclear and missile development, the primary purpose of attacking individuals is information theft. In particular, North Korea is known to monitor the private lives of public officials, experts, and journalists in North Korea-related fields over a long period, starting when they hold lower positions, as a mid- to long-term strategy. Analysts say the intent is to collect material that could be problematic in South Korean society and use it to threaten or recruit the target once they rise to a high-ranking position or take on a key post of interest to North Korea.
Additionally, on the 16th, a day after a fire at the SK C&C Pangyo data center caused Kakao service disruptions, North Korea sent phishing emails titled '[Kakao] Partial Service Error Recovery and Emergency Measures Notice' targeting industry workers related to North Korea, defectors, and politicians. This revealed North Korea's quick grasp of South Korean social conditions.
On the 12th, North Korea also attempted hacking disguised as a paper review request. The message asked the recipient to review a manuscript submitted to the academic journal of a leading domestic university and attached a consent form for the use of personal information for payment of review fees. The paper's title was 'US-China Competition and North Korea's Asymmetric Diplomatic Strategy Review,' and the targets were professors in the diplomacy and security fields.
North Korea's Cyberattack Capabilities Are Significant... "Urgent Need to Establish Security Strategies"
Security experts commonly agree that North Korea's cyberattack capabilities have already reached a considerable level. A representative example is the 2014 attack on Sony Pictures, the studio that produced a film satirizing the assassination of Kim Jong-un, the General Secretary of the Workers' Party. In 2016, the North Korean hacker group Lazarus also stole $81 million from the Bangladesh Central Bank's account held at the Federal Reserve Bank of New York.
However, a concerning factor is the low level of security awareness among our citizens. In particular, the limitations imposed on the intelligence authorities' surveillance system due to political controversies such as 'comment manipulation' are seen as something North Korea welcomes.
Moon Jong-hyun, director of ESTsecurity who has researched North Korean hacking issues for nearly 20 years, warned, "North Korea's hacking is already happening routinely, though victims are unaware. Especially, with the recent Kakao outage incident, North Korea can learn the impact of paralyzing a platform used by the entire nation and attempt modified hacking attempts. Establishing strengthened cyber security strategies is urgent."
Intelligence authorities are also on high alert for the possibility of North Korea launching cyberattacks amid ongoing provocations and growing concerns over the 7th nuclear test. Since March this year, they have raised the cyber crisis alert level to 'caution' and strengthened monitoring, maintaining a state of readiness.
A National Intelligence Service official said, "North Korea continues to focus on earning foreign currency to evade sanctions while stealing advanced technology aimed at strengthening its defense capabilities. Given North Korea's history of launching cyberattacks against government and financial institutions immediately after nuclear tests as a phase-shifting tactic, we are preparing for the possibility of hacking attacks following military provocations."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
