[Weekend Briefing] US, South Korean officials meet in Seoul to combat North Korean crypto heist

By Dain Oh and Kuksung Nam, The Readable
Nov. 18, 2022 8:32PM KST

“Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Cybersecurity journalists for The Readable carefully select important news stories from the previous week and deliver them in a compact form. Topics encompass cybercrime, geopolitics, and privacy. There are no costs involved with a subscription, and some content, such as the monthly ransomware index report, is only available to those who subscribe to our newsletters.

Hello, this is Dain Oh and Kuksung Nam in South Korea. Bilateral cooperation between the United States and South Korea against North Korean cyber threats has been accentuated for the last few months. Representatives from each country have been making trips to each other’s nations to discuss countermeasures on the increased risk of malicious cyber activities by Pyongyang. Including the latest updates in the alliance, The Readable has picked four news stories from this week. Have a restful weekend!

1. US, South Korean officials meet in Seoul to combat North Korean crypto heist

The United States and South Korea held the second bilateral working group meeting on North Korean cyber threats on Wednesday. Jung Pak, Deputy Special Representative for the Democratic People's Republic of Korea, and Lee Tae-woo, Republic of Korea Ministry of Foreign Affairs Director-General for North Korean Nuclear Affairs, met in Seoul on this occasion, following the first meeting which took place in Washington D.C. last August.

Dr. Jung Pak, Deputy Special Representative for North Korea from the U.S. Department of State, left, and Lee Tae-woo, Director-general for North Korean nuclear affairs at the Ministry of Foreign Affairs of South Korea, meet in Seoul on November 16 to discuss North Korean cyber threats. This was the second working group meeting between the two nations. Photo by the Ministry of Foreign Affairs of South Korea

More than 60 officials from the two nations, who have overseen diplomacy, national security, law enforcement, and information technology, gathered in Seoul and discussed countermeasures to North Korean malicious cyber activities, including cryptocurrency heists and laundering. Discussing the meeting results, the U.S. Department of State and the South Korean Ministry of Foreign Affairs stated that North Korea has generated revenue for weapons of mass destruction and ballistic missile programs through information technology workers who have been dispatched abroad.

With shared understanding, the U.S. and South Korean representatives decided to alert the countries where North Korean IT workers are active, so that those states can cut off the illicit money pipeline which leads to Kim Jong-un’s regime. Furthermore, the two countries shared information on specific cases and tactics of North Korean cyber actors. They also discussed countermeasures, such as cyber sanctions and cooperative policies, according to a press release by the Ministry of Foreign Affairs.

The U.S. and South Korean governments also convened a joint symposium on countering North Korean cyber threats to cryptocurrency exchanges on Thursday. The participants from 16 countries discussed how stakeholders in the public and private sector can defend against cyberattacks by North Korean actors who steal funds from cryptocurrency exchanges and other virtual asset service providers. According to the U.S. Embassy & Consulate in South Korea, North Korea stole the equivalent of $620 million in cryptocurrencies from a virtual asset service provider in March of this year.

“North Korean unlawful cyber activities are not limited to particular nations or industries,” mentioned Kim Gunn, Deputy Minister of the Korean Peninsula Peace Regime Bureau at the symposium. “They are indiscriminately destroying the world. We should make North Korea realize that illegitimate measures will never win.”

The symposium featured presentations by representatives from the U.S. Department of State and the Treasury, the U.S. Federal Bureau of Investigation, the South Korean Ministry of Foreign Affairs, the U.N. Security Council’s DPRK Panel of Experts, and international research institutions. The topics included types of DPRK cryptocurrency malware, the U.N. Security Council resolutions on the DPRK, and cybersecurity best practices. Mechanisms to enhance cooperation between the private sector and governments to effectively prevent and respond to North Korean cyber operations were further discussed.

The South Korean police on Wednesday announced that they have arrested ten members of an alleged hacking group suspected of stealing accounts from popular blogs and reselling them to buyers who wanted commercial exposure. Among the ten members, four of them, including the leader of the hacking group, were taken into custody. The police added that they are planning to catch the accomplices who have not yet been arrested.

According to the Gyeonggi Bukbu Provincial Police Agency, the hacking group stole the accounts of popular blogs on Naver, the biggest online search engine in the country, by sending malicious emails. The suspects forged email addresses that were similar to Naver’s official domain address and sent fake security enhancement emails to steal victims’ credentials. The police wrote that the hacking group selected about five hundred popular blogs as their target for criminal activities prior to the hacks.

“The police have found 18 accounts that were abused by the suspects,” an official of the Gyeonggi Bukbu Provincial Police Agency told The Readable. According to the official, the suspects have made approximately 200 million won ($149,000) from their criminal activities. The police are expecting that they will find more victims as the leader of the hacking group has testified that they have stolen about 150 accounts.

3. South Korea conducts multinational cybersecurity training including US, China, and Russia

Designed by Areum Hwang, The Readable

The South Korean military said on Thursday that they conducted a virtual multinational cybersecurity mock training session with the member states of Association of Southeast Asian Nations Defense Ministers’ Meeting Plus, a gathering dedicated to enhancing defensive capabilities in cyberspace.

The ASEAN Defense Ministers’ Meeting Plus experts working group on cybersecurity is joined by ten member states of the ASEAN countries and eight other countries including Australia, India, Japan, New Zealand, South Korea, United States, China, and Russia.

This is the first time Russia has taken part in a cybersecurity training held by the current working group of 18 member states. To read the original reporting, click here.

4. Hyundai Motors faces sanctions for exposing personal information

Designed by Sangseon Kim, The Readable

South Korean automaker Hyundai Motor Company has faced government sanctions after it was confirmed to have leaked customers’ personal information due to a system error which was caused by unfinished software testing.

On Wednesday, the Personal Information Protection Commission imposed sanctions on 14 business entities, including Hyundai Motors and Nongshim, for privacy violations. The entities are levied to pay 50 million won ($37,000) fines in total.

According to the commission, Hyundai Motors made a mistake when it was connecting the company’s application to a livestream shopping software. It was discovered by an investigation that the company decided to release source code to its server even though it did not finish software testing. To read the original reporting, click here.


The cover image of this article was designed by Sangseon Kim.

Dain Oh is an award-winning cybersecurity journalist based in South Korea and the founding editor-in-chief of The Readable by S2W. Before joining S2W, she worked as a reporter for The Electronic Times, the top IT newspaper in Korea, covering the cybersecurity industry on an in-depth level. She reported numerous exclusive stories, and her work related to the National Intelligence Service led to her being honored with the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology in a unanimous decision. She was also the first journalist to report on the hacking of vulnerable wallpads in South Korean apartments, which later became a nation-wide issue.

Kuksung Nam is a cybersecurity journalist for The Readable. She covers cybersecurity issues in South Korea, including the public and private sectors. Prior to joining The Readable, she worked as a political reporter for one of the top-five local newspapers in South Korea, The Kyeongin Ilbo, where she reported several exclusive stories regarding the misconduct of local government officials. She is currently focused on issues related to anti-fraud, as well as threats and crimes in cyberspace. She is a Korean native who is fluent in English and French, and she is interested in delivering the news to a global audience.