Former high-level officials’ data extorted by North Korean hackers

By Kuksung Nam, The Readable
Jun. 8, 2023 8:26PM GMT+9

Three former high-ranking officials of the South Korean government were hacked by North Korean cybercriminals known as Kimsuky, the Korean National Police Agency (KNPA) said on Wednesday. The three officials, who worked as ministers or vice ministers, were among nine individuals who fell victim to the attackers’ hacking campaign.

“The hackers gained access to their email credentials,” Park Hyun-joon, the superintendent of the national security investigation command division at KNPA, told The Readable. “We assume that they looked into the victims’ emails for four months.”

The police, along with the National Intelligence Service and the Jeju Provincial Police, investigated 5,800 emails from April to August 2022 and discovered that the hacking group sent malicious emails to 150 individuals. Their targets include past and current high-ranking officials, professors, and experts in diplomacy, military, security, and unification.

In a press release, the South Korean police explained the cybercriminals’ hacking method in detail. The attackers approached their targets as naturally as possible, requesting a comment on a publication or thesis while pretending to be a professor or researcher. If the victim responded to their email, the attackers then requested that the victim download a large file. Later, the attackers sent additional emails asking the target to enter their email credentials to gain access to the files, which led the victim onto a phishing site.

In addition, to avoid suspicion, the North Korean hacking group sent a letter of appreciation after they achieved their goal. Furthermore, the attackers used phrases such as “I have added a password to this document for security reasons, as this is an era where there is a lot of hacking” or “Internet Explorer sometimes has errors, so Google Chrome seems to be safe” in their email messages to lure their targets.

Meanwhile, the South Korean police discovered a cryptocurrency wallet address during the investigation. They are looking into the possible cryptocurrency theft conducted by the North Korean hacking group.

nam@thereadable.co

The cover image of this article was designed by Sangseon Kim.


Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and privacy by engaging with industry giants, foreign government officials and experts. Before joining The Readable, Kuksung reported on politics for one of South Korea’s top-five local newspapers, The Kyeongin Ilbo. Her journalistic skills and reportage earned her the coveted Journalists Association of Korea award in 2021 for her essay detailing exclusive stories about the misconduct of a former government official. She holds a Bachelor’s degree in French from Hankuk University of Foreign Studies, a testament to her linguistic capabilities.