By Dain Oh, The Readable
Jun. 9, 2023 8:45PM GMT+9
“Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Cybersecurity journalists for The Readable carefully select important news stories from the previous week and deliver them in a compact form. Topics encompass cybercrime, geopolitics, and privacy. There are no costs involved with a subscription, and some content, such as the monthly ransomware index report, is only available to those who subscribe to our newsletters.
Hello! This is Dain Oh in South Korea. This week has been all about North Korea, with a few more investigative reports on Kimsuky and on cryptocurrency heists by the cyber army from Pyongyang. In the meantime, a national security blueprint that shows the policy direction of South Korea for the next five years was released by the Office of National Security under South Korean President Yoon Suk-yeol. The drastic change in tone towards North Korean threats has become official with this historic document, standing in contrast to former administrations in Seoul that had been reluctant to speak about North Korean threats, especially regarding cyberattacks. Along with these news stories, our monthly report on ransomware groups is included in this briefing. Have a great weekend!
1. North Korea was mentioned 156 times in Seoul’s new national security strategy
Thirteen months after taking office, the Yoon Suk-yeol administration published its National Security Strategy on Wednesday, identifying North Korean nuclear threats as the most significant challenge facing the nation. Across its 150 pages, the strategy included the word “North Korea” 156 times in total, signifying the administration’s strong stance against the Pyongyang regime. In the Korean version of the strategy, North Korea was mentioned 143 times across 110 pages. This indicates a radical shift from the previous strategy under the Moon Jae-in administration, which did not address North Korean threats whatsoever.
In the strategy report, the word “cyber” was included 72 times in relation to cyberattacks, cyber warfare, and cybersecurity. Cybersecurity was heavily referred to as “new security threats,” one of the four major security challenges that the Yoon administration identified in its strategy. To proactively respond to emerging security threats and strengthen national cybersecurity capabilities, the policy guide explicitly stated that the administration will pursue the National Cybersecurity Act, which had remained controversial within the nation. This legislation is intended to “establish a national response system to systematically and effectively counter cyber threats that undermine national security.”
The strategy also acknowledges the importance of international cooperation on cybersecurity, mentioning the participation in the Convention on Cybercrime, or the Budapest Convention, and the bilateral cooperation between South Korea and the United States. “Our top priority is to manage the cybersecurity of critical infrastructure, with a special focus on digital government and cloud services that are critical to the daily lives of our citizens,” the strategy stressed.
2. Former high-level officials’ data extorted by North Korean hackers
Three former high-ranking officials of the South Korean government were hacked by North Korean cybercriminals known as Kimsuky, according to the Korean National Police Agency (KNPA) on Wednesday. Three government officials, who worked as ministers or vice ministers, were among nine individuals who have fallen victim to the attackers’ hacking campaign.
“The hackers gained access to their email credentials,” said Park Hyun-joon, the superintendent of the national security investigation command division at KNPA, to The Readable. “We assume that they looked into the victims’ emails for four months.”
The police, along with the National Intelligence Service and the Jeju Provincial Police, investigated 5,800 emails from April to August 2022 and discovered that the hacking group sent malicious emails to 150 individuals. Their targets include past and current high-ranking officials, professors, and experts in diplomacy, military, security, and unification. To read the full story, click here.
3. North Korean hackers behind $35 million crypto theft, experts suspect
North Korean hackers are thought to be behind the latest cryptocurrency theft of at least 35 million dollars, according to cybersecurity experts. In a recent report, Elliptic, a United Kingdom-based cryptocurrency analysis firm, linked the cybercriminals who stole digital assets from Atomic Wallet, a cryptocurrency service company, to a well-known North Korean state-sponsored hacking group named Lazarus.
Atomic Wallet suffered a cyberattack which affected less than 1% of their monthly active users, according to the company’s Twitter post on June 5. The company claims to have more than 5 million individual users. Although the firm did not disclose the exact amount of cryptocurrency drained by the cybercriminals, experts estimated that more than 35 million dollars’ worth of cryptocurrency has been stolen. To read the full story, click here.
4. Marines allegedly mishandled 800 soldiers’ private data
The South Korean marines allegedly uploaded private information of 800 female personnel onto the government’s internal network and replaced the data after soldiers protested for it to be removed, according to the Marine Corps on Friday.
The Marine Corps stated that the sexual distress prevention and response center sent an official document to the Command of the Marine Corps and its military units on May 18, requesting that they identify the status of female personnel who have less than five years of experience.
The document was attached to a file that contained the data of approximately 800 personnel, including officers, noncommissioned officers, and civil military employees, and was uploaded onto the government’s internal network system with limited access. However, it was not restricted from being downloaded. The file contained information such as individuals’ names, affiliated branches, marital statuses, and recruitment processes. To read the full story, click here.
5. Ransomware index report: May 2023
The Readable’s subscribers can access a monthly ransomware report by S2W. The report includes specific statistics about ransomware groups and their victims, in addition to the numbers of newly opened data leak sites by ransomware groups. By reviewing these numbers, our readers will be able to get an idea of the overall threat landscape of the ransomware ecosystem. Jiho Kim, a researcher at S2W, provides reports representing her team’s work regarding threat intelligence. To read the latest report, click here.
The cover image of this article was designed by Sangseon Kim.
Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.