“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.
Like many politicians who have reached high office, South Korean President Yoon Suk-yeol is not without controversy. Yet his vision for cyber defense deserves our highest recognition and praise. Under his leadership, South Korea has been able to directly link the growing number of cyberattacks afflicting the nation to North Korea—a reality the previous administration was hesitant to fully acknowledge. Furthermore, since taking office, Yoon has strengthened cyber defense cooperation with the United States, including organizing joint exercises between the nations, which took place on Korean soil last January. Both domestically and internationally, Yoon’s administration has advanced several key strategic cyber initiatives. These efforts reflect his understanding that the nation’s future is inseparably tied to cybersecurity.
According to the U.S. State Department, South Korea and the U.S. held their seventh bilateral Working Group meeting from Thursday to Friday, focused on countering cyber threats from North Korea. During the meeting, the two nations agreed to pursue a range of actions to prevent and disrupt North Korea’s cryptocurrency heists, address its cyber espionage against the defense sector, halt third-party facilitators aiding North Korea’s illicit revenue generation, and dismantle its IT worker networks. The agenda also included capacity-building initiatives for nations vulnerable to North Korean cyber threats.
Below are seven independent stories covering President Yoon’s new cyber initiative, North Korean hackers, and the global anti-ransomware pact.
This is Dain Oh reporting from South Korea, and here is your weekend briefing.
1. South Korea to enhance offensive cybersecurity, boosting attribution capabilities
Following an earlier announcement from South Korea’s National Security Office outlining its National Cybersecurity Strategy, the office has now unveiled a more detailed implementation plan that aligns with President Yoon Suk-yeol’s specific goals for enhancing the nation’s offensive cybersecurity preparedness.
The new plan clearly states that South Korea will strengthen its offensive cyber defense capabilities and concentrate on tracking threat actors to their operational bases, including their infrastructure.
On Sunday, the Office of National Security, which serves as a national cybersecurity control hub for the President, publicly unveiled the National Cybersecurity Master Plan. The complete document was also released by South Korea’s National Cyber Security Center (NCSC), an organization comparable to the United Kingdom’s Government Communications Headquarters (GCHQ). READ MORE
2. South Korea hosts international cyber exercise, inviting 24 nations to Seoul
Seoul, South Korea―An international cyber exercise, proposed by South Korean President Yoon Suk-yeol at last summer’s NATO summit, will bring security experts from around the world to Seoul next week.
The National Intelligence Service (NIS) announced on Wednesday that South Korea will lead an international cyber defense drill, named the “APEX (Allied Power Exercise) 2024,” at the Convention and Exhibition Center (COEX) in Seoul from September 10 to 12.
The global exercise will proceed simultaneously with the Cyber Summit Korea (CSK) 2024, a conference whish is also hosted by the NIS.
In APEX 2024, approximately 70 cybersecurity professionals from 24 countries, including the United States, Italy, Japan, and Singapore, will be divided into teams to jointly respond to simulated cyber crises. Unlike traditional cyber exercises, which are often competitive, APEX 2024 emphasizes fostering cooperation among participating nations, the NIS explained in a statement. READ MORE
3. Now nearly 70 strong, global anti-ransomware pact wants private sector more involved in efforts
Washington, D.C.—2024 Billington Cybersecurity Summit—Four years ago, representatives from 31 countries convened via video conference to declare ransomware attacks a global cybersecurity threat, warning that successful attacks could have significant economic consequences for both organizations and governments.
The insidious malware—programmed to hold organizations’ sensitive information and systems hostage in exchange for a ransom payment that must be made within days or hours—has stifled firms around the world and caused millions of dollars in losses for those affected.
Such specialized cyberattacks frequently made headlines this past year, including a ransomware assault on the United Kingdom’s British Library last October, which severely disrupted operations. Another notable incident was the Change Healthcare attack, which crippled much of the United States healthcare system.
Now, 68 nations make up the International Counter Ransomware Initiative (CRI). This month, their representatives will reconvene for their annual gathering to further discuss strategies for protecting companies and governments from ransomware attacks, as well as holding hackers accountable for deploying malicious code onto targeted networks. READ MORE
4. North Korea hacked $13.4B in cryptocurrency over seven years, a think tank reveals
North Korea has stolen $13.4 billion in cryptocurrencies over the past seven years, according to South Korea’s Institute for National Security Strategy (INSS). This amount accounts for 20 percent of North Korea’s total illicit foreign currency earnings.
On August 27, the Institute for National Security Strategy (INSS), a research institute focused on South Korea’s security strategy, released its second strategic report on North Korea’s foreign currency earnings. The report states that since 2017, the United Nations Security Council has imposed sanctions on North Korea’s foreign currency earnings to curb its missile development. Despite these sanctions, North Korea managed to earn $6.29 billion through illicit means between 2017 and 2023. Of this total, approximately $1.35 billion was obtained through hacking, with the majority coming from cryptocurrency theft.
The report revealed that North Korea has hacked cryptocurrencies valued at approximately $13.4 billion over the past seven years. In addition, around $6.1 million was stolen in various currencies through the hacking of banks or financial systems. However, most of the attempts to steal traditional currencies were either recouped or resulted in failed hacks. READ MORE
5. North Korean hackers target Google browser to steal cryptocurrency, Microsoft says
A North Korean government-backed hacking group exploited a vulnerability in Google’s open-source browser to steal cryptocurrency, according to Microsoft.
In a blog post, Microsoft Threat Intelligence and the Microsoft Security Response Center revealed that on August 19, they identified a North Korean hacking group exploiting a vulnerability in Google Chromium, an open-source browser. Microsoft stated that this exploit involves a zero-day vulnerability, meaning the hackers targeted the system before a security patch was available.
Microsoft has identified the threat actor as ‘Citrine Sleet,’ a group linked to Bureau 121 of North Korea’s Reconnaissance General Bureau, a cyberwarfare agency. This actor exploited a vulnerability in Chromium, known as ‘CVE-2024-7971,’ to distribute malware. READ MORE
6. Seoul strengthens AI security to protect citizens against cyber threats
The capital of South Korea has enhanced its artificial intelligence security system in an effort to protect its residents from cyber threats.
On September 4, the Seoul government announced a three-year plan to strengthen its AI-based cybersecurity system to protect the city against cyberattacks. This announcement came three months after the city’s official had an interview with The Readable regarding its AI Security Center.
The city has been training AI using cyberattack databases from city-related organizations to develop more effective security operations systems. Seoul disclosed plans to expand its database collection to include external agencies such as the Korea Internet & Security Agency (KISA), which oversees internet information protection in South Korea, and the Korea Local Information Research and Development Institute (KLID), which develops and operates regional administrative systems and clouds. This expansion aims to enhance accuracy in identifying cyber threats. READ MORE
7. AI expert highlights surge in deepfake pornography crimes
Seoul, South Korea—2024 AI Security Day Seminar—An attorney specializing in artificial intelligence stated Thursday that nearly all deepfake crimes involve pornography, with female victims being the most common targets. The lawyer emphasized the urgent need for legislation to address these crimes.
Lee Keun-woo, an attorney at Yoon and Yang LLC, highlighted the growing issue of deepfake cybercrimes at the 2024 AI Security Day Seminar organized by the Ministry of Science and ICT. He expressed concern over the rise of deepfake pornography in South Korea and emphasized the need for stronger regulations to address the problem.
Lee emphasized that 96% of deepfake crimes involve pornography, with women being the primary targets. He noted that requests to remove abusive sexual content quadrupled from January to July 2024 compared to the previous year and warned the situation could worsen in 2025. READ MORE
More stories this week…
8. [Yonhap] Telegram apologizes for handling of deepfake porn content in S. Korea
9. [WSJ] Leaked Disney Data Reveals Financial and Strategy Secrets
10. [US DOJ] Five Russian GRU Officers and One Civilian Charged for Conspiring to Hack Ukrainian Government