N. Korea hacks into emails of 90 Seoul officials

N. Korea hacks into emails of 90 Seoul officials. August. 02, 2016 06:45. by 신나리기자 journari@donga.com.

State prosecutors of South Korea found that a group of hackers presumed to be North Koreans have attempted to break into the emails of some 90 South Korean diplomats and top security personnel from January to June, with the passwords of 56 email accounts having been compromised. The prosecution is further investigating to check if the hackers gained access to classified information.

The Supreme Prosecutors’ Office announced on Monday that it received a report on an attempt to launch Spear phishing attacks to break into government officials’ emails in June, and it found that a group of presumed North Korea hackers had opened 27 phishing sites to launch cyberattacks.

The hackers tried to break into the private email accounts after specifically targeting those working in the institutions related to North Korean affairs such as public servants of and journalists with access to the ministries of foreign affairs, unification, and national defense, as well as professors and researchers at research centers of North Korean studies, and employees of defense industry companies. The hackers impersonated the security managers of institutes including the ministry of foreign affairs, defense industry companies as well as major portal sites to send the officials an email on a leaked password with an attached link leading to a password change window, thereby inducing them to enter their passwords.

The prosecution is of the view that the group of hackers targeted the personnel who directly handle national security data and sought to intercept the information from their emails. The hackers are believed to have secured multiple passwords from a single person by popping up the message to demand different passwords with a view to accessing the officials’ private email accounts or portal sites to get classified information.

Prosecutors presume that the hackers are from North Korea, given that the hacking method is identical to the cyberattack on Korea Hydro and Nuclear Power in 2014. They cited as main evidence the IP addresses traced back to the Chinese city of Shenyang and the format of saved files that were similar to the evidence found in the 2014 hacking case.