South Korean police are investigating a group of North Korea-affiliated hackers for their involvement in stealing approximately 250 files of data related to the nation’s defense technologies.
On December 4, the Seoul Metropolitan Police stated in a press release that North Korea-affiliated cybercriminals carried out attacks against multiple South Korean organizations, including defense companies, pharmaceutical firms, and research centers, gaining access to 1.2 terabytes of data in total. The stolen data, the police explained, included information on crucial technologies; the most concerning theft was 250 files of essential data, among them information on the country’s anti-aircraft defense systems.
The South Korean police, who worked jointly with the Federal Bureau of Investigation (FBI), attribute the cyberattack to the North Korean hacking group Andariel. Andariel is believed to be a sub-group of the Lazarus Group, a team of malicious actors based in North Korea infamous for launching hacking attacks to steal cryptocurrencies for the benefit of the government of North Korea.
Law enforcement officials investigated the cybercriminals’ Gmail account and discovered that the hackers used South Korean servers as a strategic foothold from which to launch their attacks. The North Korean hackers were able to abuse the local servers through a domestic hosting service that lets customers with unverified identities use its servers as long as a fee is paid. According to the statement, the cybercriminals accessed the South Korean servers 83 times from Ryugyong-dong in Pyongyang between December of last year and March of this year.
The police further disclosed that the North Korean hackers extorted 470 million won ($360,000) worth of bitcoin in ransomware payments from three different companies, both in South Korea and abroad. A portion of the illicit proceeds was laundered through the account of a middleman, with around 110 million won ($84,000) being transferred to a Chinese bank in Liaoning province. The police suspect that the payment was funneled into North Korea through a withdrawal of funds made at one of the bank’s branches situated on the Chinese-North Korean border.
“We are conducting an investigation to determine exactly where the hackers exported the [anti-aircraft] technology,” said an official of the Advanced National Security Investigation Team of the Seoul Metropolitan Police to The Readable. The official explained that they could disclose no further details, such as the middleman’s age and nationality, as the investigation is still ongoing.
Meanwhile, on December 5, the South Korean ruling party called for the swift enactment of the Framework Act on Cybersecurity as a means to mitigate escalating threats posed by North Korean hackers.
“According to the intelligence authorities, North Korea executed between 900,000 and 1,000,000 hacking attempts on average per day in the first half of this year,” said Yu Eui-dong, a South Korean lawmaker and member of the People Power Party’s policy committee, during a meeting. “We need to enact a cybersecurity framework quickly, which is still dormant in congress, and establish a national cybersecurity response system.”