Cybersecurity News that Matters

[Weekend Briefing] North Korea intensifies full-fledged social engineering campaigns

Designed by Areum Hwang, The Readable

by Dain Oh

May 03, 2024
9:31 PM GMT+9

“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.


This week, two significant alerts were issued concerning North Korea’s ongoing social engineering campaigns. The blockchain security firm SlowMist and a joint cybersecurity advisory from the United States government both issued warnings on the threat. Kuksung Nam analyzed the report from SlowMist, which identified the Lazarus group as the perpetrators behind recent phishing attacks on the professional networking platform LinkedIn.

Additionally, Kimsuky, or advanced persistent threat (APT) 43, which also serves the North Korean regime, appeared in a U.S. government document once again this Thursday. The advisory, issued jointly by the Federal Bureau of Investigation (FBI), the U.S. Department of State, and the National Security Agency (NSA), revealed that North Korean hackers have been sending phishing emails using legitimate domain addresses. These attacks were made possible by exploiting weak configurations of Domain-based Message Authentication, Reporting, and Conformance (DMARC), an email authentication policy that domain owners publish in DNS, which allowed the hackers to spoof those domains without needing to infiltrate the network directly.

In an email statement, cybersecurity expert Gary Freas, a Senior Analyst at Google Cloud Mandiant, noted, “We have observed a significant rise in DPRK threat actors exploiting weak DMARC configurations to effortlessly spoof well-known entities at major universities, think tanks, and NGOs.” Freas, further elaborating on the danger, warned, “This exploitation enables such threat actors to target prominent entities in specialized fields and obtain high-priority information for the North Korean regime. They achieve this by masquerading as legitimate users from reputable organizations in order to make contact with their victims.”

Additionally, there were six significant news stories this week that should not be overlooked. Next week, I will be reporting from San Francisco, where the annual RSA Conference is being held. As a result, instead of our usual Friday report, our weekly newsletter will be sent on Saturday, and it will be packed with original stories covered directly from the Moscone Center.

This is Dain Oh reporting from South Korea, and here is your weekend briefing.

1. North Korean hackers target LinkedIn users with fake Chinese profile

Designed by Areum Hwang, The Readable

A North Korean hacking group allegedly disguised itself as a Chinese investor on a social media platform, employing this guise to lure victims into engaging with phishing attacks.

According to the blockchain security firm SlowMist, the Lazarus group allegedly crafted a fraudulent account on LinkedIn named “Nevil Bolson.” Purporting to be an investor and entrepreneur, the user represented himself as a founding partner at the Chinese venture capital firm “Fenbushi Capital.” The imposter replicated the legitimate profile of a Fenbushi Capital partner, making minor alterations to the description section and even using an identical profile photo to enhance its appearance of legitimacy.

SlowMist’s Chief Information Security Officer emphasized that LinkedIn served as a crucial tool for the North Korean hacking group to orchestrate phishing attacks against their targets. In an email statement dated April 30, the CISO highlighted that the hackers leveraged the bogus profile to discreetly engage their victims in conversation, often by discussing investment opportunities. Once they captured the users’ interest, the hackers arranged online meetings where unsuspecting targets were duped into downloading malicious code.

2. Ex-shipbuilding worker probed for alleged submarine blueprint leak to Taiwan

Designed by Areum Hwang, The Readable

The South Korean prosecutor’s office is currently investigating a former employee of a shipbuilding company who stands accused of leaking a submarine blueprint to Taiwan. It is alleged that this blueprint was subsequently utilized in the development of Taiwan’s first domestically produced submarine.

During a press briefing on Monday, the National Office of Investigation of the Korean National Police Agency announced that the case concerning the former employee of Daewoo Shipbuilding and Marine Engineering (DSME) had been forwarded to the prosecutor’s office in February. DSME, formerly one of South Korea’s largest shipbuilding companies, is now recognized as Hanwha Ocean.

Local news outlets have reported that in January, the Gyeongnam provincial police initiated an investigation into two individuals suspected of leaking industrial technology. These individuals faced accusations of pilfering a submarine blueprint during their tenure at DSME.

3. Court rules use of fingerprints in crime investigation does not violate privacy

Designed by Daeun Lee, The Readable

The Constitutional Court of South Korea ruled on Wednesday that using people’s fingerprints for crime investigation does not violate the privacy rights of South Korean citizens.

In a press release, the Constitutional Court announced that on April 25 it had dismissed four appeals challenging the Citizen Registration Act. One of these cases involved an appeal filed in 2020, in which the appellant raised concerns about privacy violations by South Korean police, particularly regarding the collection and use of fingerprints in criminal investigations. Under the country’s registration law, a resident registration certificate is required to contain the individual’s name, photo, address, and fingerprints, which are then forwarded to the local police station.

According to the court, among the nine judges, four agreed with the appellant, arguing that there is no legal basis for the police to collect citizens’ fingerprint data. They maintained that law enforcement lacks the legal authority to gather and utilize such data in criminal investigations. However, the remaining five judges disagreed, asserting that these actions do not violate privacy rights, citing previous decisions from 2005 and 2015. The court dismisses cases when they fail to garner approval from at least six members.

4. South Korean court upholds government’s COVID-19 data collection, dismisses privacy appeal

Designed by Areum Hwang, The Readable

South Korea’s Constitutional Court has upheld the government’s decision to collect personal information during the COVID-19 pandemic, ruling that it does not violate citizens’ privacy rights.

On April 25, the Constitutional Court revealed that the judges unanimously rejected an appeal filed against the Infectious Disease Control and Prevention Act. The appeal argued that the law violated the basic right to control one’s personal information. Additionally, the court dismissed another appeal claiming that the South Korean government exceeded its authority under the legislation by collecting location data, thereby infringing upon citizens’ privacy rights.

A South Korean citizen lodged an appeal in 2020 after receiving a message from the Seoul Metropolitan Government advising those who had visited the Itaewon area to undergo a COVID-19 test. Between April 30 and May 5, South Korea witnessed a significant COVID-19 outbreak in the Itaewon area, during which nearly 153 individuals tested positive. Despite not visiting locations where infected individuals had been identified, the appellant was nevertheless branded a person likely to have been exposed to the virus. Consequently, after dining at an area restaurant and returning home, the individual was classified as a person likely to be a carrier of the virus and targeted with an advisory.

5. U.S. urges allies to strengthen restrictions on Chinese semiconductor technology

Designed by Areum Hwang, The Readable

The United States reportedly has requested that its allies in Asia and Europe enhance their restrictions on Chinese chip-making technology, according to a report by the Financial Times on April 26.

The British business news organization reported that the U.S. is urging South Korea, Japan, and the Netherlands to “use existing export controls more aggressively.” Specifically, the report highlighted that the U.S. has asked these allied nations to stop their engineers from “servicing chipmaking tools at advanced semiconductor fabs in China.” The report based these details on information gathered from five individuals familiar with the matter firsthand.

The Readable reached out to the Ministry of Trade, Industry, and Energy (MOTIE) and requested comment on whether the South Korean government had been urged by the U.S. to comply with this request. However, an official of MOTIE declined to comment, stating that “It is an internal matter.”

6. South Korea discusses sharing defensive technologies with US, UK, and Australia

Left to right: Penny Wong, Australia’s Foreign Minister, Richard Marles, Australia’s Defense Minister, Cho Tae-yul, South Korea’s Foreign Minister, and Shin Won-sik, South Korea’s Defense Minister, hold a press conference after the 6th meeting between South Korea and Australia’s defense and foreign ministers in Melbourne on May 1. Source: Ministry of Foreign Affairs

On Wednesday, South Korea and Australia discussed the possibility of South Korea engaging in a partnership with the United States, the United Kingdom, and Australia, in which the member nations would share advanced defensive technologies.

During a press conference held after the 6th meeting between South Korea and Australia’s defense and foreign ministers in Melbourne, Shin Won-sik, the Minister of National Defense, highlighted that the two countries discussed the possibility of South Korea partnering with AUKUS in the pillar 2 program. “We welcome that AUKUS members are considering South Korea as the AUKUS pillar 2 partner. South Korea’s defense and science technology capabilities will contribute to the peace and stability of the AUKUS pillar 2’s development,” said the defense minister.

AUKUS is a trilateral defense and security partnership established in 2021 between the U.S., U.K., and Australia to counter China’s growing influence in the Indo-Pacific region. It consists of two stages. The first stage, known as pillar 1, involves supporting Australia in acquiring nuclear-powered submarines. The second stage encompasses cooperation in developing advanced military technologies, including cyber and electronic warfare capabilities, artificial intelligence, quantum technology, and innovation, along with information sharing.

More stories this week…

7. [European Commission] Commission opens formal proceedings against Facebook and Instagram under the Digital Services Act

8. [ExecutiveGov] NASA urged to incorporate cybersecurity best practices into spacecraft acquisition policies

9. [Amnesty International] A web of surveillance: unravelling a murky network of spyware exports to Indonesia

10. [The Guardian] No more 12345: devices with weak passwords to be banned in UK


  • Dain Oh
    : Author

    Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expe...