Cybersecurity News that Matters


[Weekend Briefing] North Korea’s cyber operations followed by joint advisory

Illustration by Areum Hwang, The Readable

by Dain Oh

Jul. 26, 2024
11:22 PM GMT+9

“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.


The National Intelligence Service (NIS) and the National Police Agency of South Korea, in collaboration with six organizations from the United States and the United Kingdom, issued a joint cybersecurity advisory alerting the international community to the security threats posed by North Korea’s cyber group Andariel. This advisory follows the indictment of a member of Andariel by the U.S. government on charges of infiltrating U.S. hospitals and using ransomware. Additionally, Google-owned Mandiant has classified Andariel as APT (Advanced Persistent Threat) 45, highlighting the group’s latest nefarious advancements.

A YouTube channel with 8 million subscribers was hacked to promote a specific cryptocurrency. South Korean police have also reported a rise in cyberbullying among teenagers, who use technology to manipulate images and harass both classmates and teachers. Meanwhile, the focus on CrowdStrike’s software glitch is diminishing as details about the issue and the next steps become clearer. Recently, a conference highlighted the growing interest in artificial intelligence security. Additionally, a talented reporter on my team, Kuksung Nam, is embarking on a new career and has shared her farewell thoughts with our readers.

This is Dain Oh, reporting from South Korea, and here is your weekend briefing.

1. North Korea escalates cyber threats, prompting security alerts for South Korea, US, and UK

Illustration by Areum Hwang, The Readable

On Friday, a South Korean intelligence agency, along with its international partners, issued a joint cybersecurity advisory concerning a North Korean hacking group. This announcement followed the indictment of one of the group’s members by the United States government a day earlier. The individual is accused of infiltrating U.S. hospitals and infecting them with ransomware.

In the joint statement, eight organizations were listed, including the U.S. Federal Bureau of Investigation (FBI), the U.S. Cyber National Mission Force (CNMF), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Department of Defense Cyber Crime Center (DC3), the U.S. National Security Agency (NSA), South Korea’s National Intelligence Service (NIS), South Korea’s National Police Agency (NPA), and the United Kingdom’s National Cyber Security Centre (NCSC).

The advisory warned that a North Korean state-sponsored cyber group, known publicly as Andariel, Onyx Sleet, DarkSeoul, Silent Chollima, and Stonefly, is persistently targeting defense, aerospace, nuclear, and engineering entities. The goal of these attacks is to obtain sensitive and classified technical information and intellectual property to advance the regime’s military and nuclear programs and ambitions.

2. South Korean YouTube channel with 8M subscribers hacked to promote crypto

Illustration by Areum Hwang, The Readable

A popular South Korean YouTube entertainment channel with over 8 million subscribers, along with the company’s streaming content platform, was hacked on Saturday. The channel’s name and profile picture were replaced with those of a cryptocurrency company, and all previously hosted content was removed and replaced.

Total Variety Network (tvN), a pay television channel that broadcasts South Korean entertainment programming, announced on its website that the tvN DRAMA YouTube channel, which features content from its TV shows, was hacked by an external cyberattack in the early morning of July 20. Additionally, tvN’s streaming platform Tving was also targeted by hackers, prompting the network to post an announcement on this site as well.

According to tvN, hackers changed the tvN DRAMA YouTube channel name to ‘Ripple,’ a cryptocurrency payment platform. The channel ID was also changed to ‘@official-xrp,’ referring to the cryptocurrency tokens used on the Ripple platform.

3. Cyberbullying is on the rise among teens, South Korean police reveal

Illustration by Areum Hwang, The Readable

South Korean police have raised concerns about the rise of sexual cyberbullying among teenagers, including an increase in the creation and distribution of abusive sexual images and videos.

On Tuesday, the Seoul Metropolitan Police Agency released data on school bullying and teen crime, detailing the period from January to June of this year. According to the analysis, reports of sexual assault and harassment surged from 253 in 2023 to 662 in 2024, marking a 161.7% increase in just half a year. Notably, cybercrime accounted for 63.1% of these reports, with 20 cases involving explicit and abusive fake images and videos, a noteworthy and shocking increase over all previous figures.

According to a police officer from the Seoul Metropolitan Police Agency, recent technological advancements have led to teenagers abusing these technologies to commit increasingly upsetting sexual crimes. Recently, a middle school student was arrested for manipulating a photo by splicing the face of a female student from the same school she attended onto a sexually explicit image of another person and then posting it online. The student also posted the victim’s personal contact information along with the image. For that crime, the offender was sentenced to two years in prison.

4. CrowdStrike software glitch sparks global outage: Key developments from the past week

Illustration by Daeun Lee, The Readable

CrowdStrike has undergone a massive cyber system outage that has lasted for six days. The incident has had a global impact, bringing many industries, governments, and businesses around the world to a standstill. Airports, hospitals, banks, and other essential services have been affected, disrupting daily life for millions of people worldwide.

CrowdStrike is a leading American cybersecurity technology company, established in 2011, that specializes in endpoint security, threat intelligence, and incident response. The company provides comprehensive protection against cyber threats, including ransomware attacks, by leveraging artificial intelligence. With a global presence, CrowdStrike serves approximately 30,000 subscribers, safeguarding them from potential cyber threats.

The outage occurred at 4:09 AM UTC on July 19 when an invalid software patch was deployed for CrowdStrike’s ‘Falcon Sensor.’ This software runs on Microsoft Windows and monitors and detects cyber threats in real-time.

In their report issued on Thursday, CrowdStrike confirmed that the outage was triggered by software crashes on Windows systems that were online between 4:09 and 5:27 AM on July 19. Interestingly, systems that were not online during this specific timeframe, as well as Mac and Linux systems, remained unaffected. The company is now working diligently to rectify the issue and prevent such incidents in the future.

5. AI security draws unprecedented attention, pulling top brains together in three-day workshop

Kwon Taekyoung, Chairman of AI Security Research Group under the Korea Institute of Information Security & Cryptology (KIISC) and a professor of information security and AI at Yonsei University. Photo provided by Kwon Taekyoung; Illustration created by Daeun Lee, The Readable

Hongcheon, Gangwon―Released in 1966, the movie The Good, the Bad and the Ugly depicts an uneasy alliance and struggle among three men on a quest for hidden treasure. Echoing the film’s themes, a group of experts in artificial intelligence security recently held a workshop titled “The Good, The Bad, and The Ugly of AI Security.” This theme reflects the current uneasy relationship between humans and AI, particularly heightened by security concerns.

Kwon Taekyoung, a professor of information security and AI at Yonsei University, has been leading the AI Security Research Group since the beginning of this year. The group, established in 2019, operates under the Korea Institute of Information Security & Cryptology (KIISC), South Korea’s leading academic organization in cybersecurity. It organizes annual events, including the AI Security Workshop.

“As a scholar, I resonate with Andrew Ng’s assertion that ‘AI is the new electricity,’” Kwon said during his opening speech at the 2024 AI Security Workshop, referencing Ng’s statement from early 2017. Kwon emphasized that, like electricity, AI will become integral to every aspect of our lives. However, he also noted that improper use of AI poses significant risks. “Our research group is committed to enhancing AI security so that people can use AI safely and conveniently, just as the pioneers of electricity security worked to ensure safe use of electrical technology,” he added.

This year’s workshop took place over three days in Hongcheon, a county located two hours from central Seoul, with the main conference held on July 18. Despite the research group having just under 100 members, over 340 researchers from across the nation attended the conference, including some who traveled from abroad. “We are witnessing unprecedented interest in our workshop,” Kim Hyoung-shick, a professor in the Department of Computer Science and Engineering at Sungkyunkwan University and the Program Chair of the AI Security Workshop, told The Readable. “This reflects the growing awareness surrounding AI security,” Kim elaborated.

6. South Korea fines AliExpress $1.4M for transferring customer data to Chinese sellers

Illustration by Areum Hwang, The Readable

The South Korean data protection authority announced Thursday that it has fined the Chinese shopping application AliExpress approximately 2 billion won ($1.44 million). The fine was imposed for the company’s transfer of South Korean customer data to 180,000 Chinese sellers. This marks the first instance of a company being fined in South Korea for violating the Privacy Act by transferring information abroad.

On Wednesday, the Personal Information Protection Commission (PIPC) concluded its investigation into AliExpress, which has been collecting and using customer data since February of this year. The PIPC imposed a fine of 1.9 billion won ($1.42 million) and an additional penalty of 7.8 million won ($5,600) on AliExpress for violating privacy laws.

AliExpress is an online marketplace based in China that enables merchants to sell products to customers worldwide. According to WiseApp, a company specializing in app and retail analytics, more than 8 million South Korean customers were using AliExpress as of April 2024. As of February 2024, it was the second most popular shopping application among South Koreans.

7. [Perspective] Putting one stone on the pile

Kuksung Nam, a journalist at The Readable. Illustration by The Readable

Two years ago, during one of our weekly meetings, Dain Oh, editor-in-chief of The Readable, asked if I was familiar with the term “FUD.” At the time, I had no idea what it meant and even imagined it might refer to a foreign intelligence agency or one of the notorious hacking groups I had heard about. Dain explained that “FUD” stands for “Fear, Uncertainty, and Doubt.” She described how these three words represent a tactic used in the cybersecurity industry, where negative emotions are leveraged to persuade people to purchase products designed to protect against potential cyberattacks.

After deciding to conclude my journey at The Readable, that memory naturally resurfaced. Over the past two years of reporting on cybersecurity issues, I gradually came to grasp the full weight of the editor-in-chief’s words. It became clear that Dain was not just highlighting the marketing strategy to a junior reporter like me, who had recently entered the cybersecurity field. She was underscoring the potential consequences for the public when FUD spreads through media outlets that merely echo these claims without proper fact-checking.

For example, in March 2023, the National Tax Service (NTS) was thrust into the spotlight as a victim of the LockBit ransomware group. On the hacking group’s dark web leak site, the NTS appeared with a digital clock counting down to April 1. Although the clock’s bright red color changed to vivid green, indicating that the deadline had passed, the purportedly stolen data was never released. The NTS spokesperson confirmed that taxpayer information had not been compromised. About three weeks after the incident, one of the country’s largest cybersecurity firms suggested that the whole affair might have been an April Fool’s prank.
