“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.
South Korea’s Defense Ministry experienced distributed denial-of-service (DDoS) attacks this week, causing temporary outages. While the government investigation found links to Russian hackers, the involvement of North Korea, while suspected, remains unclear. A South Korean thinktank also reported on three North Korean generals currently stationed in Russia, including Ri Chang-ho, head of the Reconnaissance General Bureau (RGB) and deputy chief of the General Staff. Additionally, South Korea’s cybersecurity agency issued a warning about an increase in the number of cyber threats stemming from military cooperation between North Korea and Russia.
New research on North Korean hackers reveals that these malicious actors have expanded their operations by collaborating with other ransomware gangs.
This is Dain Oh reporting from South Korea, and here is your weekend briefing.
1. South Korean defense ministry websites hit by DDoS attacks, suspected involvement of pro-Russian hackers – South Korea’s Dong-a Ilbo
Several South Korean government websites, including those of the Ministry of National Defense and the Joint Chiefs of Staff, experienced disruptions this week due to distributed denial-of-service (DDoS) attacks, which were the cause of temporary outages. Authorities are investigating, with initial findings suggesting the involvement of three hacker groups believed to be Russian or pro-Russian. The attacks are suspected to be in retaliation to a perceived likelihood of South Korea soon providing military support for Ukraine.
DDoS attacks flood a website or online service with excessive traffic, overwhelming its servers and rendering it temporarily inaccessible. To counter the attacks, the military has implemented blocking measures and is tracking IP addresses associated with the DDoS traffic. Although no breaches have affected internal networks used for operations or training, analysts are assessing the attacks in comparison with previous cases. Speculation suggests the cyberattacks may be a reaction to Ukraine’s anticipated request for military assistance from South Korea.
2. Profiles of North Korean generals deployed to Russia: special forces leadership and intelligence expertise – South Korea’s Sejong Institute
Kim Yong-bok: Colonel General Kim Yong-bok, the chief commander of North Korea’s special forces, leads the North Korean troops deployed in Russia. Known for his expertise in special operations, Kim has trained and commanded elite units like the Storm Corps and oversees combat training through the Light Infantry Training Guidance Bureau. His deployment signals North Korea’s intent to integrate highly trained special forces into Russian operations, particularly for complex, high-risk missions. Kim is expected to serve as a representative of Kim Jong-un, managing tactical decisions and coordinating with Russian forces.
Ri Chang-ho: As the head of the Reconnaissance General Bureau (RGB) and Deputy Chief of the General Staff, Colonel General Ri Chang-ho brings intelligence and infiltration expertise. Leading North Korea’s primary intelligence agency since 2022, he has orchestrated cyber espionage missions and tactical reconnaissance operations. Ri’s presence in Russia suggests that North Korean forces may be engaged in specialized reconnaissance and covert operations, as well as coordination efforts to support Russia’s military strategy in Ukraine.
Sin Kum-cheol: Major General Sin Kum-cheol, a relatively lesser-known figure, is expected to assume a leading role in the command structure of North Korean troops in Russia once Kim and Ri depart. Although limited details are available about his career, Sin’s rank and operational role indicate he will ensure continuity in command and maintain coordination between North Korean and Russian units. His deployment underscores North Korea’s layered command approach, suggesting a preparation for sustained involvement alongside Russian forces in Ukraine.
- Related article: [Reuters] Who are the North Korean generals Ukraine says are in Russia?
3. North Korea’s troop deployment to Russia spurs increased cybersecurity threats, warns Korean agency – South Korea’s Yonhap
North Korea’s reported troop deployment in support of Russia in the Russia-Ukraine conflict has heightened cybersecurity risks, according to the Korea Internet & Security Agency. The agency advised South Korean institutions and companies to strengthen security measures, warning that increased geopolitical tensions could lead to a surge in cyberattacks.
The Korea Internet & Security Agency (KISA) recommended closely monitoring key IT systems and websites to guard against potential distributed denial-of-service (DDoS) attacks from Russian hacking groups. KISA urged organizations to maintain regular offline backups of essential files, train staff to recognize and avoid malicious email attachments and links, and keep all software updated with the latest security patches. In the event of a DDoS attack, KISA advised contacting its Internet Incident Response Center for assistance. Additionally, small and medium-sized businesses can apply for DDoS defense services through KISA.
Meanwhile, a Russian-linked hacker group recently claimed to have targeted a South Korean grain storage facility, though KISA has yet to confirm the alleged breach.
4. North Korean hackers teaming up with notorious Play ransomware gang, Palo Alto findings say – The Readable
A North Korean-backed hacking group dubbed Jumpy Pisces has teamed up with a prominent ransomware collective, according to threat research out last week from Palo Alto Networks.
The report indicates that a recent ransomware incident revealed an unusual alliance between North Korean hackers and the infamous Play ransomware gang. However, the specifics of the attack and the methods Palo Alto’s Unit 42 threat intelligence team used to confirm the collaboration were not fully disclosed.
The DPRK operatives are believed to be linked to the regime’s Reconnaissance General Bureau. This collaboration—the first observed of its kind—suggests North Korea may be shifting its focus from standard espionage and financial theft to more advanced ransomware attacks. READ MORE
5. South Korea and UK deepen cybersecurity cooperation amid global threats – UK government
The 4th ROK-UK Cyber Dialogue took place in London, co-chaired by UK Cyber Director Andrew Whittaker and South Korean Ambassador Rhee Dong-yeol. About 50 officials from both countries’ cybersecurity agencies attended. Discussions focused on strengthening the Strategic Cyber Partnership, cybersecurity deterrence strategies, countering organized cybercrime and ransomware, and improving cyber skills. Both sides expressed concern over state-backed malicious cyber activities, particularly threats from North Korea, Russia, and China.
A notable outcome of the dialogue was the announcement of the Defence Cyber Marvel (DCM4) exercise, set to take place in Seoul in February. This will be the first time the British Army Cyber Association’s flagship exercise is held outside Europe. Supported by the UK’s Integrated Security Fund, the exercise will involve international teams defending against cyberattacks, highlighting the strong cyber collaboration between the UK and South Korea. Both nations committed to continued close cooperation on cybersecurity initiatives in response to evolving global threats.
6. Trust is key to adopting AI in finance, says Google Cloud Korea director – The Readable
The country director of Google Cloud Korea emphasized that trust is crucial for adopting artificial intelligence in the finance industry. While many financial firms are already investing in and using AI, he noted, these technologies can also introduce security risks. Therefore, building trustworthy AI systems is essential, he said.
Chi Ki-sung, Country Director at Google Cloud Korea, delivered the keynote speech “New Path for Finance in the AI Era” on Thursday at FISCON 2024, a financial information security conference hosted by the Financial Security Institute (FSI).
Chi noted that AI is gaining importance in the financial industry, with 41 percent of financial companies in the Asia-Pacific region now investing in generative AI. Half of these firms believe AI will become a key digital medium, highlighting the potential for financial technology and platform providers to leverage AI in delivering innovative services to customers. READ MORE
7. Former SK Hynix employee sentenced for leaking semiconductor technology – South Korea’s Chosun Ilbo
A former Chinese employee at SK Hynix was sentenced to 18 months in prison and fined 20 million won (about $14,000) for leaking critical semiconductor technology. The Suwon District Court found her guilty of printing 4,000 pages of documents containing key solutions for reducing semiconductor defects just before resigning from SK Hynix in 2022. Although the ex-employee claimed she printed the documents for study and transition purposes, the court found her explanation unconvincing, concluding that her actions were likely intended to enhance her career, particularly after she quickly moved into a high-paying position at Huawei.
The court highlighted the unusual circumstances of the ex-employee printing such a large volume of sensitive material during her final days at the less secure Shanghai branch and suggested she may have transported the documents offsite in personal bags. While the court acknowledged no clear evidence that the leaked technology was used by Huawei or caused damage to SK Hynix, it deemed the suspect’s intent sufficient for a guilty verdict.
Editor’s note: The summaries of each article were initially created by ChatGPT 4o and edited by Dain Oh. Minkyung Shin contributed to this reporting.
