It has been confirmed that the North Korean hacking group 'Kimsuky' attempted a cyberattack targeting the South Korea-U.S. joint military exercises.
The Security Investigation Division of the Gyeonggi Southern Provincial Police Agency announced on the 20th that after investigating multiple malicious emails sent between February and March to employees of domestic war game operator Company A, who were dispatched to the South Korea-U.S. joint military exercise 'Freedom Shield (FS)', it was determined that Kimsuky was behind the attacks.
Since April last year, Kimsuky continuously launched email attacks containing malware to hack Company A. In January, they succeeded in hijacking the email account of an administrative employee at Company A and implanting malware on their computer. Subsequently, Kimsuky remotely accessed Company A’s systems to monitor ongoing work and email communications in real time, and stole personal information of the employees.
Based on the stolen data, in February, timed with the year-end tax adjustment period, Kimsuky sent emails disguised as withholding tax receipts to Company A employees dispatched to the Freedom Shield war game facility. The employees attempted to open the attached files, but since the war game facility is located within a U.S. Forces Korea base and subject to the U.S. Department of Defense’s network controls, the security system blocked the files from opening.
The investigation found no evidence that military-related information was leaked to Kimsuky. However, the police explained that some employees forwarded the emails to their personal email accounts outside the organization and viewed them, during which personal computers were infected with malware.
After confirming the damage through information sharing with U.S. military investigative agencies in March, the police launched an investigation and identified that the IP addresses used in the hacking attack matched the IP range used by Kimsuky in the 2014 Korea Hydro & Nuclear Power hacking incident. Considering the similarity to previous attacks, the use of North Korean vocabulary such as 'nyeomdu', and the timing of the South Korea-U.S. joint exercises (March 13–23), it was concluded that this incident was also the work of Kimsuky.
Meanwhile, Kimsuky is a North Korean hacking group that gained notoriety for the 2014 Korea Hydro & Nuclear Power hacking incident. The South Korean government added Kimsuky to its independent North Korea sanctions list in June.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

