[Weekend Briefing] SK shieldus warns Korean companies about ransomware attacks

By Kuksung Nam, The Readable
Aug. 26, 2022 7:53PM KST

Hello, this is Kuksung Nam in South Korea. The Readable has picked five news stories for you. They include one news article by Dain Oh, who is covering Kaspersky’s annual APAC Cybersecurity Weekend conference in Phuket, Thailand. With our stories, enjoy your cybersecurity weekend!

1. SK shieldus warns Korean companies about ransomware attacks

South Korea’s leading security company issued a report on Thursday offering detailed coverage of a ransomware group that targets only companies based in South Korea. Beginning last year, the Gwisin ransomware group has been attacking companies ranging from medical institutions to financial institutions, causing damage and worrying both the companies and cybersecurity researchers. In the report, SK shieldus assumed that the Gwisin ransomware group is either a group that speaks Korean or a group that has a hacker who knows the country thoroughly. The private security firm said this assumption is based on three reasons. First, Gwisin is a Korean word for ghost. Second, the group only targets South Korea-based companies. Lastly, the group has profound knowledge of private companies and cybersecurity agencies in the country. In addition, SK shieldus said that the attackers are making their methods more malicious, creating a dark web search engine based on stolen information and threatening end users. “The group is using all means of threat to extort cryptocurrencies from victims. They are putting pressure on the end user and company officials to fulfill their goals,” SK shieldus stated in the report.

2. Researchers point to North Korea for hacking attempts on defense industry

Cybersecurity researchers have discovered hacking activities targeting the South Korean defense industry and pointed to a North Korean state-sponsored hacking group as responsible. A report by the South Korea-based cybersecurity firm ESTsecurity Security Response Center (ESRC) said on Thursday that the hacking attempts were first detected on August 22, when South Korea and the U.S. started Ulchi Freedom Shield, their biggest joint military drills in the second half of the year. According to a joint press release issued last week by the South Korean and U.S. defense ministries, the exercise is a response to the increased volume and scale of North Korean missile tests over the past years. ESRC said in the report that the hackers used malicious executable files and phishing pages disguised as the defense industry’s local network log-on service to collect internal information or steal user accounts.

3. Police captured hundreds for selling and buying marijuana on the dark web

The police in South Korea said they have captured 12 people for allegedly selling and distributing marijuana on the dark web and social media. The police also arrested 166 people suspected of buying the drugs from the sellers with cryptocurrency. According to a press release by the Seoul Metropolitan Police on Thursday, the police seized 12 kilograms of marijuana and 136 grams of ketamine and synthetic marijuana while capturing the suspects. More than 90% of the buyers who have been captured were in their 20s and 30s, said the police. In addition, they have found that the dark web operators gave drug sellers the authorization to post advertisements on the site once they had received payment. When a drug transaction was made between the sellers and buyers, the operators sent the payment in cryptocurrency back to the sellers with their charges deducted.

4. Samsung highlights its efforts to protect privacy in Galaxy devices

Sebastian Seung, the head of Samsung Research, is delivering a welcoming speech at the sixth Samsung Security Forum which was held online on Tuesday. Photo by Samsung Newsroom

Samsung held its sixth annual Samsung Security Tech Forum online on Tuesday and emphasized its efforts to protect the personal information of users worldwide from cyber threats. The head of Samsung Research, Sebastian Seung, said that the company “strives for state-of-the-art security across all our devices and across all layers, hardware to software to online services.” This focus echoed throughout the opening keynote speech and an hour-and-ten-minute session about recent research at the company. “We believe that privacy cannot be guaranteed without strong security,” said Hwang Yong-ho, the vice president of Samsung Electronics and the head of the Security and Privacy team at Samsung Research, in the opening keynote speech. To read the original reporting, click here.

5. The full picture of Kimsuky operation: Look at the moon, not at the finger

Seongsu Park, Lead Security Researcher for the Global Research and Analysis Team at Kaspersky, is delivering his presentation at Kaspersky’s APAC Cybersecurity Weekend Conference. Photo by Kaspersky

A Korean-speaking advanced persistent threat group, Kimsuky, has built the capability to carry out cyber-attacks against almost any target that it considers, a cybersecurity researcher warned Thursday. “It takes multi-stages to carry out an APT attack, which involves spear phishing emails and Microsoft Word documents in the initial phases,” Lead Security Researcher for the Global Research and Analysis Team at Kaspersky, Seongsu Park, said at Kaspersky’s APAC Cybersecurity Weekend Conference. “Cooperating with various law enforcement agencies, I was able to draw a full picture of the Kimsuky operation by putting the last puzzle of its command-and-control (C2) server dimension together,” stressed Park. “In order to respond to sophisticated attacks like APT, it is important to understand not only the malware dimension, but also the C2 server dimension.” To read the original reporting by Dain Oh, click here.


The cover image of this article was designed by Areum Hwang.

Kuksung Nam is a cybersecurity journalist for The Readable. She covers cybersecurity issues in South Korea, including the public and private sectors. Prior to joining The Readable, she worked as a political reporter for one of the top-five local newspapers in South Korea, The Kyeongin Ilbo, where she reported several exclusive stories regarding the misconduct of local government officials. She is currently focused on issues related to anti-fraud, as well as threats and crimes in cyberspace. She is a Korean native who is fluent in English and French, and she is interested in delivering the news to a global audience.