“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.
“The most creative hackers in the world.” This is a description I’ve heard security experts use multiple times when referring to North Korean threat actors. However, it’s important to understand that this characterization is more sarcastic than complimentary. The reality is that North Koreans, whether hackers or civilians lacking cyber capabilities, are left with no choice but to find ways to generate profits for the Pyongyang regime.
This week brought another example of North Korean ingenuity, as revealed by the South Korean intelligence agency. The case in question involves gambling websites developed by North Korean programmers and frequented by South Korean users, a story reported by Kuksung Nam. Furthermore, North Korea captured global attention again after Microsoft and OpenAI revealed its use of artificial intelligence (AI) to create content for spear phishing attacks, with Hongeun Im reporting on the development.
This is Dain Oh reporting from South Korea, and here is your weekend briefing.
1. North Korean IT workers fund Pyongyang with earnings from illegal gambling sites, intelligence agency reveals
A group of North Korean information technology professionals has reportedly sold thousands of illegal gambling websites to South Korean criminal organizations, funneling their profits back to the North Korean government. According to the South Korean intelligence agency, over a thousand North Korean IT professionals are suspected of generating illicit revenue from overseas, particularly in China, through the sale of such online gambling platforms.
The National Intelligence Service (NIS) on Wednesday revealed details about an illegal online gambling network run by a group of North Korean IT professionals based in Dandong, China. Identified as “Gyonghung Information Technology Co., Ltd,” this group reportedly charged clients $5,000 to create illegal gambling websites and received $3,000 monthly payments for site management. Additionally, they imposed fees ranging from $2,000 to $5,000 on a monthly basis in instances of heightened website traffic. The exact earnings of this group were not disclosed by the NIS.
The North Korean operatives camouflaged their identities as Chinese IT workers, either through the assistance of Chinese intermediaries or by fabricating false identities. This involved altering their photographs on Chinese identification cards, a process facilitated by resources found on online platforms like Google or LinkedIn. They then targeted potential clients via social media channels and job recruitment sites. Portraying themselves as highly skilled foreign IT experts, the group actively pursued clientele by promising substantial profits, leveraging credentials they had deceitfully acquired from stolen resumes. READ MORE
2. North Korea uses OpenAI tools for cyber offense tasks
On Wednesday, Microsoft and OpenAI, companies partnered in the field of artificial intelligence (AI) technologies, disclosed that Kimsuky, a hacking group based in North Korea, has utilized OpenAI’s large language models (LLMs) to aid in their hacking activities.
The group leveraged OpenAI’s technologies to generate content for spear phishing campaigns, which aim to target specific individuals or organizations to extract confidential information. Specifically, they composed emails that impersonated officials from well-known educational institutions and non-governmental organizations (NGOs), soliciting opinions on international policies concerning North Korea.
According to research conducted by the two companies, there have been no confirmed instances where AI technology was directly utilized in hacking incidents. Instead, Kimsuky employed the technology for identifying pre-existing vulnerabilities, obtaining help in repairing web technologies, and scripting simple tasks, such as detecting user activities on a system. READ MORE
3. North Korean hacking group shifts to new crypto mixer after US sanctions, researchers reveal
The Lazarus Group, widely recognized for its affiliations with the North Korean government, is reportedly shifting its focus towards a new cryptocurrency mixing service to launder its illicit proceeds. This development was highlighted by a United States-based blockchain analysis firm on Thursday.
According to a report by Chainalysis, YoMix has become the preferred cryptocurrency mixer for the North Korean hacking group, Lazarus Group. The firm observed a notable shift in the movement of virtual assets, highlighting that in January, the hackers received funds from YoMix into a wallet that had previously been used to receive funds from another cryptocurrency mixer, Sinbad, in October of the previous year.
The researchers refrained from disclosing the specific amount of digital assets processed by the Lazarus Group through YoMix. However, the report revealed that last year, YoMix experienced a significant surge in its monetary transactions, witnessing an increase of more than fivefold over the course of the year. Notably, around one-third of these funds originated from wallets associated with cryptocurrency thefts. READ MORE
4. Korean professor receives prison term for leaking autonomous tech to China
A professor from the Korea Advanced Institute of Science and Technology (KAIST) has been sentenced to two years in prison by an appellate court for leaking core autonomous vehicle technologies to China. This decision, made on February 15, overturns the original sentence which had granted probation.
The Daejeon District Court imposed a two-year prison sentence on the professor, a decision that intensifies the punishment from the first trial. He was found guilty of violating the Industrial Technology Protection Act, alongside charges of fraud and embezzlement. This ruling reversed the initial verdict, with the court recognizing the leaked technology’s significant value and affirming its eligibility for protection under industrial technology laws.
Multiple local news outlets have reported that the professor, identified as Lee, leaked 72 files containing critical technologies essential for the commercialization of autonomous driving. These files were shared with researchers at local universities in China over a period extending from 2017 to February 2020. Among the leaked technologies was a core sensor technology known as LIDAR (Light Detection and Ranging). READ MORE
5. South Korea prosecutor goes hard on juvenile hacker who stole 1.4 million eBooks
The prosecutors’ office in South Korea has filed an appeal against a district court’s ruling to refer an 18-year-old hacker to juvenile court. The individual in question hacked and released at least 5,000 eBooks last May.
The Seoul Eastern District Prosecutors’ Office disagreed with the court’s February 2 decision, arguing that a case involving an 18-year-old hacker should be processed through a proper criminal trial rather than handled in juvenile court. The Seoul Eastern District Court had previously determined that the cybercriminal should be referred to juvenile court, implying that the individual would be subject to protective measures without incurring any criminal record.
“The method and extent of the damage caused by the crime are severe, and there’s a high risk of reoffending, given the premeditated nature of the act,” the prosecutors’ office stated. “Indeed, considering the severity of the offense, it is expected that the court would impose a stringent penalty.” READ MORE
6. Hacker sentenced to 18 months for exposing 280,000 students’ test scores
A hacker was found guilty of infiltrating the servers of a provincial educational institution and stealing examination results for nearly 90 percent of second-year high school students.
According to an announcement out of the Suwon District Court made on Tuesday, a 20-year-old man was sentenced to 18 months in prison on February 7 for hacking into the server of the Gyeonggi-do Office of Education. The court found that the defendant unlawfully accessed and disclosed nearly 280,000 instances of personal data to third parties on three occasions. However, the judges considered several factors in their sentencing, including that the defendant was 18 years old at the time of the crime and that his intent was to showcase his skills to peers rather than to obtain financial benefits. READ MORE
7. [Report] Security outlook 2024: AI, Election, the Paris Olympics
The Readable reviewed more than 30 reports of cybersecurity predictions, published by vendors and public institutions, and pared them down to five topics: Artificial intelligence, election security, the Paris Olympics, persistent threats, and cyber insurance. Our reporters summarized each topic in approximately 300 words, based on the analysis provided by the original reports. The sources that were referenced can be found at the end of each topic, marked with a hashtag. There is also a full list of reports at the end of the articles. READ MORE