[Weekend Briefing] North Korea, Twitter, cryptocurrency hack

By Kuksung Nam and Dain Oh, The Readable
Jan. 6, 2023 7:33PM KST

“Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Cybersecurity journalists for The Readable carefully select important news stories from the previous week and deliver them in a compact form. Topics encompass cybercrime, geopolitics, and privacy. There are no costs involved with a subscription, and some content, such as the monthly ransomware index report, is only available to those who subscribe to our newsletters.


Hello! This is Kuksung Nam and Dain Oh in South Korea. The Readable has picked four news stories and added our monthly ransomware index report. At the bottom of this article, we also included an opinion article which gives our readers insights regarding upcoming cyberattacks that we expect to see this year. If you have any thoughts to share with the world, please send us your draft. Have a great weekend!

1. Military to form new office to face North Korean nuclear threat

The South Korean military plans to make organizational changes to confront North Korea’s escalating nuclear and ballistic missile threats, South Korea’s Joint Chiefs of Staff announced on December 27. According to a press release, the military will elevate its nuclear and weapons of mass destruction response center, which was initially under the leadership of the Chief Directorate of Strategic Planning, to defend the country from North Korea’s nuclear weapons and missile programs. The new office, the Chief Directorate of Countering Nuclear and Weapons of Mass Destruction, will also play a cooperative role in integrating capabilities across different domains, including cybersecurity.

2. Twitter user data in 13GB distributed freely on dark web

The dark web user StayMad's posting on the underground forum Breached. Source: The Readable

Personal information of more than 200 million users of Twitter has been exposed through the underground forum Breached. The affected information includes users’ email addresses, names, numbers of followers, time stamps of account creation, and contact numbers. The dark web user “StayMad” uploaded the 13GB database on Wednesday, a day after the user joined the forum with the current nickname, making the data available for anyone to download. Seven hours later, another user, “ThinkingOne,” converted the original database into a spreadsheet format, or CSV, and reuploaded it on the same forum. “The exposed information might not seem sensitive, but it can be used by hackers for wide-ranging phishing attacks against massive targets,” warned the cybersecurity firm S2W, which discovered the post on the dark web.

The dark web user ThinkingOne's posting on Breached. Source: The Readable

3. North Korean hackers posed as defector lawmaker’s secretary in email scam

North Korean hackers pretended to be a secretary working for the lawmaker Tae Yong-ho, a former North Korean diplomat, to get information about experts in diplomacy, military, and national security, the South Korean police said on December 25. In May of last year, unknown hackers sent malicious emails disguised as official emails from the lawmaker’s office to lure individuals who had participated in a forum hosted by the lawmaker’s office.

The National Police Agency specifically stated that the Kimsuky hacking group, which authorities say works on behalf of the North Korean government, is considered to be behind the hacking attempt and that Kimsuky has also previously posed as journalists to gain information. On the same day, Tae Yong-ho condemned the North Korean government in a press conference for conducting such an attempt.

4. Stealing cryptocurrency after one’s death: Hacker sentenced to 6 years in prison

A hacking gang stole $6.7 million worth of cryptocurrencies from an account owned by Kim Jung-ju, the deceased founder and former chief executive officer of the online game company Nexon, multiple local news outlets reported. According to Chosun-ilbo, the South Korean newspaper which first reported the news last week, the hackers infiltrated Kim’s account at the Korean cryptocurrency exchange Korbit in May of last year and transferred his assets, such as Bitcoin and Ethereum, to other accounts by making 27 transactions over ten days. After the investigation, a gang member was arrested and sentenced to 6 years in prison in November by the Seoul Eastern District Court.

The crime was discovered when Korbit detected the transactions in the account of the deceased. Kim passed away in February of last year. The cybercriminals allegedly were able to steal Kim’s cryptocurrencies by illegally copying his USIM data and making use of his personal information. USIM is a memory chip used to store users’ sensitive information in cellphones. Divided into different roles, the gang stole their targets’ USIM data and inserted the copied chips into other mobile devices. Once they hijacked telecommunication and authentication data through these devices, they had access to the targets’ accounts at cryptocurrency exchanges. The stolen assets reportedly have not been recovered, and the leader of the gang has not yet been taken into custody.

5. Ransomware index report: December 2022

The Readable’s subscribers can access a monthly ransomware report by S2W. The report includes specific numbers about ransomware groups and their victims in addition to the numbers of newly opened data leak sites by ransomware groups. By reviewing these numbers, our readers will be able to get an idea of the overall threat landscape of the ransomware ecosystem. Sojun Ryu for The Readable provides reports representing his team’s work regarding threat intelligence. To read the full report, click here.

6. Opinion: New type of cyberattack emerges, harming e-commerce and celebrities

In the field of cybersecurity, threats are typically understood as dangers that take advantage of the vulnerabilities in hardware and software. However, a new type of cybersecurity threat is emerging that involves exploiting internet platforms and e-commerce systems in order to steal profits from other users or the platform itself. This threat does not rely on sending malicious packets or modifying system permissions, but rather on generating a large volume of transactions or manipulating the reputation of users.

In recent years, my team has encountered this kind of threat many times, and we have continued to work with various partners to address their issues. In this article, I would like to share our experiences with them. Below are some of the examples regarding this threat. To read the full article, click here.

hello@thereadable.co

The cover image of this article was designed by Sangseon Kim.


Kuksung Nam is a cybersecurity journalist for The Readable. She covers cybersecurity issues in South Korea, including the public and private sectors. Prior to joining The Readable, she worked as a political reporter for one of the top-five local newspapers in South Korea, The Kyeongin Ilbo, where she reported several exclusive stories regarding the misconduct of local government officials. She is currently focused on issues related to anti-fraud, as well as threats and crimes in cyberspace. She is a Korean native who is fluent in English and French, and she is interested in delivering the news to a global audience.

Dain Oh is an award-winning cybersecurity journalist based in South Korea and the founding editor-in-chief of The Readable by S2W. Before joining S2W, she worked as a reporter for The Electronic Times, the top IT newspaper in Korea, covering the cybersecurity industry on an in-depth level. She reported numerous exclusive stories, and her work related to the National Intelligence Service led to her being honored with the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology in a unanimous decision. She was also the first journalist to report on the hacking of vulnerable wallpads in South Korean apartments, which later became a nation-wide issue.