National Intelligence Service, NSA, FBI "Response to North Korean Cyberattacks"
North Korea Attacks Using Fake Domains...Virtual Asset Theft
[Asia Economy Reporter Jang Hee-jun] To respond to North Korea's malicious cyber attacks, South Korean and U.S. intelligence agencies jointly issued a 'security advisory.'
The National Intelligence Service (NIS) announced on the 10th that it had prepared a security advisory to inform about North Korea's cyber threat situation and to prevent it, in cooperation with U.S. intelligence agencies such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI). This is the first time that South Korean and U.S. intelligence agencies have jointly issued a security advisory. On the same day, the NSA released the same advisory in the United States.
According to the NIS, North Korea has recently been focusing its malicious cyber activities on key institutions in various fields such as medical and healthcare sectors worldwide, aiming to earn foreign currency and extort money. The joint issuance of this advisory is evaluated as an example showing that South Korean and U.S. intelligence agencies are closely cooperating to respond to the increasing cyber attacks by North Korea.
The NIS particularly diagnosed that North Korea continuously abuses ransomware and virtual assets to conceal the attackers' identities and evade tracking. Ransomware is a malicious program that illegally takes control of another person's computer and encrypts data; after a successful hack, it demands ransom under the pretext of data restoration.
According to the security advisory, North Korean authorities or hacking groups linked to North Korea create disguised domains and accounts, then use virtual private networks (VPNs) to attack the networks of targeted institutions. Subsequently, they use malware to destroy, alter, or encrypt systems and demand virtual assets including cryptocurrency as a condition for restoration.
The NIS disclosed 'Indicators of Compromise (IOC)' such as related IP addresses and file names to detect and block such North Korean ransomware attacks in advance. Additionally, it presented technical measures such as backup and inspection methods to prevent cyber attacks and mitigate damage, urging special caution and response. Detailed information can be found on the National Cyber Security Center website.
An NIS official warned, "South Korean and U.S. intelligence agencies assess that North Korea uses cryptocurrency earned through hacking to achieve its national priorities and intelligence objectives," adding, "Once infected with ransomware, paying the ransom does not guarantee data recovery." The official further stated, "We will continue to closely cooperate with related countries and institutions to prevent cyber attack damage and respond proactively."
Meanwhile, the NIS expects that this year, cyber financial crimes targeting public institutions and companies through ransomware will increase significantly, as well as movements targeting South Korea's defense technology. Especially as North Korea enters the third year of its national economic development plan, it is anticipated to intensify efforts to steal South Korea's technical data to complete its tasks while also collecting diplomatic and security information.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
