The South Korean intelligence agency issued a warning on Wednesday after discovering a duplicated fake website of the internet giant Naver created by North Korean state-sponsored hackers.
In a press release, the National Intelligence Service (NIS) stated that they discovered a phishing website nearly identical to Naver and attributed the hacking attempt to North Korean hackers. The cybercriminals created a fake website under a domain address “www.naverportal.com,” adding the word “portal” to the original address. South Koreans usually refer to the largest internet company’s webpage as Naver since it serves as the biggest search engine in the country.
According to the evidence disclosed by the intelligence agency, the attackers have meticulously copied the country’s most well used website and its subpages, making it impossible for users to discover the difference with the naked eye. The NIS explained that the cybercriminals are evolving their attacking methods to heighten their chances of extorting South Koreans’ personal information.
Until recently, North Korean hacking groups have created fake sign in pages and lured users to enter their credentials. According to a report issued by the NIS last May, which analyzed North Korea attributed cyberattacks from 2020 to 2022, 74% of their illegal activities were conducted through compromised emails. In those online messages, the hackers impersonated themselves as Naver 45% of the time and sent false security alert notices to trick users.
The NIS strongly advised South Koreans to cut off access to any other domain address except for the internet giant’s official one. “We have informed associated agencies about this hacking attempt, and they are working on blocking the phishing website,” said the NIS in the statement. “We are tracking state-sponsored hacking groups’ activities by sharing intelligence with foreign organizations, as the phishing site’s server is based aboard.”
