North Korea created a fake login page
and even implemented ad banners on Naver's layout
National Intelligence Service "Immediate access suspension... tracing the source"
It has been revealed that North Korea has established a phishing site that replicates the widely used domestic portal site 'Naver' in real time. The National Intelligence Service (NIS) warned that there are signs North Korea attempted hacking against unspecified individuals through the problematic site.
On the 14th, the NIS announced that if users access Naver through domains other than the legitimate domain address (www.naver.com), such as 'www.naverportal.com', they should immediately stop accessing the site.
According to the NIS, North Korea had previously only replicated the login pages of portals like Naver and Kakao to induce domestic users to log in. This was an attempt to hack IDs and passwords to steal personal information. However, the 'fake Naver' site caught by the NIS this time was found to have completely replicated the real Naver main page’s real-time news, advertisement banners, and more. It was even confirmed that detailed menus frequently visited by users, such as stocks, real estate, and news, were identically implemented.
An NIS official explained, "It is difficult to distinguish the phishing site from the real site just by appearance," adding, "It appears that North Korea has evolved its attack methods to increase the possibility of stealing personal information."
The left side shows the normal Naver main screen, and the right side is a phishing site created by a North Korean hacking group. It replicates everything from the screen layout ratio to real-time ad banners. [Photo by National Intelligence Service]
The left side shows a normal Naver news screen, while the right side is a phishing site created by a North Korean hacking group. It replicates everything from the screen layout ratio to the real-time news arrangement. [Photo by National Intelligence Service]
The NIS has immediately shared related information with national and public institutions as well as the Korea Internet & Security Agency (KISA) to prevent further user access to the phishing site. Accordingly, related organizations are carrying out measures to block access to the problematic site.
An NIS official stated, "The servers of the phishing site created by North Korea are located overseas, and we are tracking the activities of state-backed hacking groups through information sharing with foreign agencies," adding, "We plan to respond in various ways to prevent harm to our citizens." Furthermore, the official urged, "When using portal sites, it is safer to enter the address directly or use the bookmark function," and emphasized, "North Korea’s hacking attack methods targeting our citizens are becoming increasingly sophisticated, so we ask the public to be even more vigilant."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
