[Weekend Briefing] North Korean hackers are everywhere

By Dain Oh, The Readable
Mar. 31, 2023 8:10PM GMT+9

“Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Cybersecurity journalists for The Readable carefully select important news stories from the previous week and deliver them in a compact form. Topics encompass cybercrime, geopolitics, and privacy. There are no costs involved with a subscription, and some content, such as the monthly ransomware index report, is only available to those who subscribe to our newsletters.


Hello! This is Dain Oh in South Korea. This week, North Korean cyberattacks covered the headlines of South Korean news outlets. It was discovered that the cyber army from Pyongyang infiltrated at least 60 organizations by exploiting a security vulnerability in an authentication software program that was widely adopted across the nation. Apart from this issue, the heads of national cybersecurity convened the first forum in response to North Korean cryptocurrency heists. It is recognized that collaboration between the private and public sector is no longer an option to protect the nation against cyber threats. Along with these stories, I have included several important news articles with this briefing that deal with artificial intelligence, quantum cryptographic devices, and vulnerable CCTVs. Have a great weekend!

1. North Korea exploits authentication software to hack South Korea

North Korean hackers have been exploiting a vulnerability in a popular South Korean authentication software program that is installed on 10 million personal computers and have succeeded in infiltrating 210 devices belonging to 60 organizations so far, the South Korean national security watchdog disclosed on Thursday.

The hacking attack was first acknowledged at the end of last year in a joint investigation between the National Intelligence Service, the National Police Agency, the Korea Internet & Security Agency, and the National Security Research Institute. After analyzing the hackers’ malicious code, the investigators were able to develop a security patch for the exploited software in collaboration with the software company. To read the full story, click here.

2. Security leaders discussed North Korean crypto heists

Heads of national cybersecurity in South Korea convened on Thursday to discuss strategies to deter the escalating hacking attacks carried out by the North Korean regime.

The National Security Research Institute (NSR) and the National Intelligence Service (NIS), the two core government agencies that defend South Korea from cyberattacks, held a half-day convention in Seoul on March 30. In the Cybersecurity Policy Forum, officials and researchers from the National Cybersecurity Center (NCSC), the Institute for National Security Strategy (INSS), and the Korean National Police Agency participated and shared their analysis on North Korean hacking techniques, which have become more sophisticated through cryptocurrencies and their mixers. To read the full story, click here.

3. Hackers claim to breach South Korean tax agency

A ransomware hacking group known as LockBit claimed to have breached the South Korean tax agency’s website.

On Wednesday, the cybercriminals posted the National Tax Service’s domain name on its leak site. A leak site is a website on the dark web where hackers upload the data that they have stolen. LockBit did not disclose the content or the volume of the data that they have gained but stated that they will publish the files on April 1. To read the full story, click here.

4. Korean government removes vulnerable CCTVs after video leak

Designed by Areum Hwang, The Readable

Local governments in South Korea are no longer allowed to use CCTV cameras that have not gone through security verification by an official testing institute. Security standards for video recording devices in the public sector were no more than recommendations, until the intelligence agency raised the bar recently.

According to multiple local news outlets, the National Intelligence Service of South Korea sent out security instructions to public institutions and local governments on March 20, noting that security policies regarding CCTVs have changed from recommendations to obligations. Bound to this decision, local governments started removing unsecure CCTVs, particularly the ones that were not confirmed through security verification. To read the full story, click here.

5. Microsoft adopts latest AI in cyber defense

Microsoft launched an artificial intelligence chatbot designed to ease the workload of cybersecurity professionals.

According to a press release on Tuesday, Microsoft explained that the new tool named “Security Copilot” will act as an assistant for cybersecurity experts. Just like a real-world copilot assists the captain during the flight, the tech giant said that the new product can help professionals to efficiently pick out the important information within the massive volume of data in cyberspace. To read the full story, click here.

6. South Korea embraces quantum cryptographic devices in public sector

The South Korean intelligence agency announced on Monday that they will start security testing on quantum cryptographic devices next week. This means that public institutions in South Korea will be able to adopt devices which are made with quantum cryptography communication technology and qualified through official security testing.

Most of all, it will be the first case in the world for a government agency to establish security requirements for quantum cryptographic devices and put them through security testing, the National Intelligence Service told The Readable. To read the full story, click here.

7. Over 70% of privacy violation victims reach settlement in mediation

Three out of four South Koreans who seek compensation for privacy violations have reached a settlement through the assistance of the nation’s privacy watchdog last year.

According to the Personal Information Protection Commission (PIPC) on Sunday, 206 cases related to conflicts over personal information being compromised have been resolved through the commission’s dispute mediation committee in 2022. This includes 179 cases that have reached agreements before going through the committee’s mediation process, which is an increase of almost 22% compared to the year before. Among them, victims of 114 cases have received financial compensation of 36 million won (roughly $28,000). To read the full story, click here.

hello@thereadable.co

The cover image of this article was designed by Sangseon Kim.


Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.