At least 892 South Korean foreign policy experts became victims of cyberattacks carried out by North Korean hackers.
The attacks were meticulous enough to have tricked some of the foreign policy experts into signing into fake websites, said South Korean authorities on Sunday.
Upon signing into the fake websites, the hackers were able to access the victims' login details.
North Korean Hackers Are Believed to be Working For the Government
According to Engadget, the South Korean authorities believe that the North Korean hackers are working for the government.
The attacks targeted members of the think tanks as well as academics, dating back to April.
The attacks started with phishing emails that included links to fake websites with viruses attached.
The cyberattack resulted in the stolen personal data of several prominent experts. Likewise, the email lists of the victims were compromised, meaning more people were exposed to hackers.
In addition, 13 companies, which are primarily online retailers, became victims of ransomware.
The police believe that only 49 recipients actually gave their credentials to the fake sites, while only two companies paid the 2.5 million won ($1,980) ransom.
However, as of the moment, it's difficult to judge the full impact of the cyberattack.
According to South China Morning Post, the police believe that the hackers are the same group behind the Korea Hydro & Nuclear Power hacking in 2014.
This suspicion is based on the IP addresses that indicate the origin of the attack, the attackers' attempts to persuade their targets into signing up for foreign websites, and how they infiltrated and managed the detour servers.
The hackers also used North Korean diction. Moreover, the police take note of the fact that they targeted experts in diplomacy, inter-Korean unification, national security, and defense.
The police claimed that they were investigating a North Korean hacking group called Kimsuky.
Read Also: North Korea's Hackers Use SHARPEXT Malware To Infiltrate Gmail Accounts To Launch Attacks
Cyberattacks on South Korea Are Expected to Continue in 2023
According to the police, they suspect that the North Korean hackers' activities will continue for some time. With this, they urged people to increase the security of their email accounts and other personal databases.
In a press conference held last Thursday, the National Intelligence Service (NIS) also made a prediction that the North Korean cyberattacks will continue next year. The agency forecasted potential threats to the country's cybersecurity in 2023.
Paik Jong-Wook, one of the deputy presidents of the NIS, said that government-backed hackers would keep on launching cyberattacks on Seoul to steal South Korean technologies connected to the nuclear industry, space, and semiconductors.
Similarly, the hackers will likely target technologies related to national defense as well as joint strategies with the US against Pyongyang.
For years, cyber warfare has been a major focus of North Korea. This is despite the fact that the country also seeks to deter foreign militaries using more traditional methods, such as building nuclear weapons.
Cyber warfare has also been a major source of revenue for the country, which has been undergoing a financial crisis and has been largely cut off from the world's markets. North Korean hackers have stolen around $1.72 billion worth of cryptocurrency since 2017.
Related Article: North Korea's Lazarus Hacking Group is Targeting Cryptocurrency, Blockchain Industries Using Crypto Apps
