N. Korea hacks S. Korean government with 'watering hole'

N. Korea hacks S. Korean government with 'watering hole'. June. 01, 2017 07:16. by Se-Hyung Lee turtle@donga.com.

It was found that North Korea attacked the South Korean government and public organizations by using a new hacking technique called "watering hole." The new method embeds malicious codes in websites frequently visited by the target in advance, and waits for the user to access the site. It got its name from the preying habit of a wild beast waiting for the prey to appear while hiding near the watering hole. Indeed, North Korea was aiming both the South Korean government websites and its visitors.

On May 30, the Wall Street Journal (WSJ) reported that South Korean Internet security service providers suspected watering hole hacking attempts by North Korea, which targeted nine governmental and public organization websites from February to May this year. While government websites including foreign affairs, aerospace, and unification were confirmed to have been attacked by hacking attempts, the actual damage is highly likely to be worse than the current outcomes, as the number of visitors to these sites have not been confirmed.

WSJ quoted Korean experts that there are around 1,300 North Korean hackers, and the total number reaches up to 5,000 when including supporting staff members. It also added that North Korean hackers were divided into three teams designated with different tasks; Team A in charge of overseas banks and businesses, Team B dealing with South Korea, and Team C responsible for sending emails and collecting intelligence.

Though the reclusive regime blocks its people from gaining online access, its hackers in fact meet "global" standards.

In 2014, North Korea made an attempt to hack Sony Pictures; the producing company of the film "Interview," which mocked Kim Jong Un. In addition, Pyongyang hacked the Central Bank of Malaysia in February last year. Furthermore, there are claims that North Korea was the mastermind behind the recent ransomeware attack.