Yoon Administration Designates 'Kim Su-ki' as First Independent North Korea Sanction... 8th Independent Sanction
The government announced on the 2nd that it has designated the North Korean hacking group ‘Kimsuky’ as a target of independent sanctions against North Korea. This sanction is the eighth independent sanction measure against North Korea since the inauguration of the Yoon Suk-yeol administration. Since October last year, the government has selected 43 individuals and 45 organizations as targets of independent sanctions.
This is the first time the South Korean government has designated Kimsuky, a representative hacking group widely known both domestically and internationally, as a target of independent sanctions.
Kimsuky provided information collected through espionage from individuals and organizations in fields such as diplomacy, security, and defense to the North Korean regime. North Korean hacking groups including Kimsuky are known to have been directly or indirectly involved in satellite development by stealing advanced technologies related to weapons development, artificial satellites, and space from around the world.
North Korea’s Kimsuky collects intelligence and provides it to the North Korean regime
According to the Ministry of Foreign Affairs and the National Police Agency, 17 cyberterrorism incidents originating from North Korea have been announced from 2009 to the present, of which 4 have been confirmed as the work of Kimsuky from 2014 to the present. Examples include the 2014 document leak from Korea Hydro & Nuclear Power, the 2016 email impersonation of the National Security Office, the 2022 email impersonation incidents involving government agencies, reporters, and members of the National Assembly, and the 2021 hacking incident at Seoul National University Hospital.
Considering that Kimsuky carries out ransomware attacks and demands ransom, the government also listed Kimsuky’s virtual asset wallet addresses as identifying information. This measure is based on the Foreign Exchange Transactions Act and the Act on the Prohibition of Fund-Raising Activities for the Purpose of Threats to the Public and the Proliferation of Weapons of Mass Destruction. To conduct foreign exchange or financial transactions with those designated as targets of this financial sanction, prior approval from the Governor of the Bank of Korea or the Financial Services Commission is required.
Transactions without approval may be subject to penalties under relevant laws. It is also prohibited to trade virtual assets with designated targets without prior approval from the Financial Services Commission.
South Korea-US governments issue advisory... Report to police if attacked
Lee Jun-il, Director of the North Korea Nuclear Planning Division at the Ministry of Foreign Affairs, and Choi Hyun-seok, Director of the Cyber Investigation Bureau at the National Police Agency (right), are holding a briefing on the morning of the 2nd at the Ministry of Foreign Affairs in Jongno-gu, Seoul, regarding the inclusion of the North Korean hacker group 'Kimsuky' under the Reconnaissance General Bureau on the independent North Korea sanctions list. Kimsuky is a notorious hacking operation group known for stealing advanced domestic weapons, satellites, and space-related technologies, including hacking Korea Hydro & Nuclear Power and Korea Aerospace Industries. 2023.6.2
The National Intelligence Service, National Police Agency, Ministry of Foreign Affairs of the Republic of Korea, and the United States Federal Bureau of Investigation (FBI), Department of State, and National Security Agency (NSA) jointly issued a 'South Korea-US Government Joint Security Advisory' to raise awareness by informing about the hacking methods of the North Korean hacking group Kimsuky.
In the 23-page advisory in Korean, it emphasized that “Kimsuky carries out cyberattacks using techniques that exploit human trust and social relationships to obtain confidential information.” It added, “It recommends strengthening caution against emails from unverified sources, setting strong passwords, multi-factor authentication, and other account protection measures, and for system administrators, it recommends security enhancement measures for services, networks, and servers.”
Kimsuky is an organization under the Reconnaissance General Bureau and has conducted cyberattacks for over 10 years. It targets key figures in governments, politics, academia, and the media worldwide to provide diplomatic policy information and others to the North Korean regime. In particular, it has carried out spear-phishing attacks to steal information. It especially recommends recipients of emails to strengthen caution against emails from unverified sources and to set strong passwords. It also recommends system administrators to enhance security measures for services, networks, and servers.
Meanwhile, as part of related cooperation, South Korea and the US held the ‘South Korea-US Joint Symposium on North Korean IT Personnel Activities’ in San Francisco on the 24th of last month (local time). Kim Gun, Director of the Ministry of Foreign Affairs’ Office for Peace Negotiations on the Korean Peninsula, said in his welcoming remarks, “North Korea has hit the so-called 'jackpot' in the cyber field,” adding, “North Korea is focusing on securing funds through IT personnel in addition to stealing virtual currency. It is estimated to earn hundreds of millions of dollars annually.” He explained that IT personnel affiliated with North Korean authorities are securing work worldwide not only through virtual currency hacking but also through identity forgery and other means.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
