Cybersecurity News that Matters

Cybersecurity News that Matters

[Weekend Briefing] South Korea issued sanctions on North Korean hackers

by Dain Oh

Feb. 10, 2023
11:15 AM GMT+9

By Kuksung Nam and Dain Oh, The Readable
Feb. 10, 2023 8:15PM KST Updated Feb. 14, 2023 9:30PM KST

“Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Cybersecurity journalists for The Readable carefully select important news stories from the previous week and deliver them in a compact form. Topics encompass cybercrime, geopolitics, and privacy. There are no costs involved with a subscription, and some content, such as the monthly ransomware index report, is only available to those who subscribe to our newsletters.


Hello! This is Kuksung Nam and Dain Oh in South Korea. The South Korean government and intelligence agencies have issued unprecedentedly high levels of sanctions and advisories on North Korea this week. The announcements target illicit activities in cyberspace which have been allegedly orchestrated by the North Korean regime and came out consecutively from two different government bodies, including the Ministry of Foreign Affairs and the National Intelligence Service. Both agencies told The Readable that two publications were planned separately, leaving questions about the timing of their announcements. In an answer to a question about this coincidence, the spy agency denied disclosing further details.

For the last two weeks, The Readable has published several news articles that have given our readers fresh insights about data protection regulations around the Asia Pacific region as well as the importance of Portable Document Format (PDF) security. You can find those articles in this week’s briefing below. Have a great weekend!

1. South Korea issued sanctions on North Korean hackers

Source: The Ministry of Foreign Affairs, Republic of Korea

The South Korean government imposed sanctions on four North Koreans and seven North Korean linked organizations for their alleged involvement in illegal cyber activities as a means to fund the country’s nuclear weapon and missile program. The movement is largely symbolic, as it is the first ever unilateral sanctions against North Korea’s cyber threats.

According to a statement by the Ministry of Foreign Affairs on Friday, the sanctions targeted organizations including North Koreans state sponsored hacking groups such as Lazarus Group, Bluenoroff, and Andariel. These three groups were also added to the U.S. sanction list in September 2019. The South Korean foreign ministry stressed that they have sanctioned three individuals and three organizations for the first time, including “Lab 110,” which authorities and experts believe to be a cyber-focused North Korean military unit that is suspected of stealing cryptocurrencies and deploying cyberattacks.

Source: The Ministry of Foreign Affairs, Republic of Korea

2. South Korea, US announced joint advisory on North Korean ransomware attacks

The National Intelligence Service (NIS) and multiple government agencies in the United States, such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), announced a joint cybersecurity advisory on North Korean ransomware attacks which have evolved into serious threats to healthcare and critical infrastructure around the world. The announcement was made simultaneously by two nations, which fell on February 10 in Korea and February 9 in the U.S.

According to a press release by the NIS, this was the first joint cybersecurity advisory between the South Korean and the U.S. intelligence agencies. “[The joint cybersecurity advisory between the two countries] shows that the intelligence agencies in South Korea and the U.S. are closely cooperating in a response to malicious cyber activities by North Korea,” said the NIS. “Recently, North Korea is focusing on healthcare institutions in the world by conducting hostile cyber activities against them, with an aim to extort money while avoiding tracking by abusing ransomware and cryptocurrency,” added the agency.

Rob Joyce, Director of Cybersecurity at the NSA, wrote on a Tweeter post that the “DPRK is actively ransoming healthcare and other critical infrastructure victims. Don’t give DPRK actors easy entry into your networks.” The U.S. government stated in its advisory that “the authoring agencies assess that an unspecified amount of revenue from these cryptocurrency operations supports DPRK national-level priorities and objectives, including cyber operations targeting the United States and South Korea governments.” In the joint advisory, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and the South Korean Defense Security Agency (DSA) participated along with the NIS, the NSA, and the FBI.

Source: Rob Joyce, Director of Cybersecurity at the U.S. National Security Agency

3. Meta fined 6.6 million won in South Korea’s privacy probe

South Korea’s privacy watchdog on Wednesday imposed a 6.6 million won ($5,225) fine on Meta after an internal investigation found it breached the country’s privacy law. According to the Personal Information Protection Act, communication service providers should not reject users who decided to share minimum information, which is only the data necessary for the performance of the service.

The Personal Information Protection Commission (PIPC) stated that Meta allowed users to use their service on the condition of providing their online behavior information on other websites. The PIPC concluded that the information Meta requested could not be regarded as the minimum information regulated in the law, hence the company’s business practice breaches the nation’s privacy law. This is not the first time South Korean regulators fined the company. Last year, the PIPC imposed a fine of 30.8 billion won ($24 million) over a privacy violation.

4. Increasing certainty in digital privacy: new research advances accountability-based approach

Josh Lee Kok Thong, Managing Director of the Future of Privacy Forum’s (FPF) APAC office. Photo by Josh Lee Kok Thong, FPF. Designed by Areum Hwang, The Readable

How long does it take for you to click the “I agree” button when asked to share your personal information while accessing online services? It does not take even a few seconds because we do it almost automatically. Although we have not read the service terms, we often take full responsibility for a potential breach of the data that we provided and face unexpected consequences following the mistreatment of personal data due to the devious agreement.

As an alternative to the consent-based privacy practices which have been proven ineffective for quite a while, a global non-profit organization has called for greater convergence and interoperability, guided by the principle of accountability, in the Asia-Pacific (APAC) data protection landscape. The organization’s months-long research has recently culminated in the publication of a comparative analysis report for the region. The Readable spoke with Josh Lee Kok Thong, Managing Director of the Future of Privacy Forum’s (FPF) APAC office, regarding the new publishment “Balancing Organizational Accountability and Privacy Self-management in Asia-Pacific.” The interview took place over a virtual meeting between Singapore and South Korea on January 19. To read the full article, click here.

5. Opinion: Collaborative effort needed to curb PDF security threats

Thomas Park, General Manager of Korea Operations at Foxit Software. Photo by Thomas Park, Foxit Software. Designed by Areum Hwang, The Readable

Portable Document Format (PDF) security is critical in today’s digital age because PDF is widely used as a standard for sharing documents with external parties. Created by Adobe’s founder in 1993, PDF has become a dominant file format for digital communication over the past 30 years. However, its ability to contain objects and files, while also allowing for the integration of XML or JavaScript, makes it a favored tool among threat actors, who use it as a decoy for payload downloading. It is for this reason that many cybersecurity experts jokingly say that “PDF” stands for “Payload Download Files.” Email recipients should be vigilant when opening attachments, as sophisticated phishing emails are a common tactic and the most widely used fake document is the PDF. To read the full article, click here.

6. Ransomware index report: January 2023

Designed by Areum Hwang, The Readable

The Readable’s subscribers can access a monthly ransomware report by S2W. The report includes specific numbers about ransomware groups and their victims in addition to the numbers of newly opened data leak sites by ransomware groups. By reviewing these numbers, our readers will be able to get an idea of the overall threat landscape of the ransomware ecosystem. Sojun Ryu for The Readable provides reports representing his team’s work regarding threat intelligence. To read the current report, click here.

[email protected]

The cover image of this article was replaced on Feb. 14 and designed by Sangseon Kim.


Kuksung Nam is a cybersecurity journalist for The Readable. She covers cybersecurity issues in South Korea, including the public and private sectors. Prior to joining The Readable, she worked as a political reporter for one of the top-five local newspapers in South Korea, The Kyeongin Ilbo, where she reported several exclusive stories regarding the misconduct of local government officials. She is currently focused on issues related to anti-fraud, as well as threats and crimes in cyberspace. She is a Korean native who is fluent in English and French, and she is interested in delivering the news to a global audience.

Dain Oh is an award-winning cybersecurity journalist based in South Korea and the founding editor-in-chief of The Readable by S2W. Before joining S2W, she worked as a reporter for The Electronic Times, the top IT newspaper in Korea, covering the cybersecurity industry on an in-depth level. She reported numerous exclusive stories, and her work related to the National Intelligence Service led to her being honored with the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology in a unanimous decision. She was also the first journalist to report on the hacking of vulnerable wallpads in South Korean apartments, which later became a nation-wide issue.

Subscription

Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Dain Oh
    : Author

    Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expe...

    View all posts
Stay Ahead with The Readable's Cybersecurity Insights