Seoul is investigating an email-based cyber attack in which the sender impersonated the South Korean Ministry of Unification (MOU), the ministry announced on Friday, while declining to confirm reports that Pyongyang is linked to the phishing email.
The unification ministry took the measures after identifying the problem on Thursday, spokesperson Baik Tae-hyun told a press briefing.
The infected email contained a file originally written by the unification ministry and was distributed by a hacker group to targets earlier in the week.
Baik said the attached file is “identical” to a three-page HWP file of analysis of a New Year’s Speech delivered by North Korean leader Kim Jong Un on Tuesday, sent to reporters and experts the same day.
“The Ministry of Unification notified the situation to major related organizations including National Cyber Security Center, Cyber Investigation Division at the Korean National Police Agency, and Ministry of Science and ICT,” the MOU spokesperson told assembled media.
“An investigation over the hacking has been underway in coordination with relevant agencies.”
Baik said the hacker group had used an advanced persistent threat (APT) featuring “an email and attached file which can draw the attention of targets for hacking.”
The hackers intended that the targets open the file to infect their computer with malicious code, the spokesperson explained, asking that reporters “pay particular attention” not to open files distributed by unknown senders.
Friday’s comments come a day after a report by Radio Free Asia (RFA) accused Pyongyang of being behind the attack, citing Seoul-based software development company ESTsecurity.
Spokesperson Baik declined to confirm those reports, however, saying Seoul would “wait for the outcome of the investigation.”
ESTsecurity on Thursday said a keylogger — which can be used to track a victim’s keystrokes — was activated when opening the file.
The collected information from the infected computer was delivered to the hacker group through the email account of a South Korean portal site, they added.
ESTsecurity also alleged that the same hacker group had in the past launched a series of APT-style cyber espionage attacks using the same shellcode in order to steal information on security, diplomacy, and unification.
Cyber attacks have been launched “continuously” and “very actively,” the group claimed, also alleging that the same group in late December had attempted to obtain information on defectors living in South Korea.
They were also behind a hacking attack on the ROK state-run nuclear reactor operator Korea Hydro and Nuclear Power (KHNP) back in December 2014, the company added.
This is not the first time Seoul has admitted to phishing emails impersonating the government being distributed to experts and reporters.
In November, the Blue House announced that it had requested the police investigate a case in which an email purporting to be from the presidential National Security Office (NSO) was sent to foreign policy experts.
Friday’s announcement also follows the unification ministry’s admission last month that hackers had succeeded in stealing the personal information of 997 North Korean defectors in Gyeongsang province.
The breach took place after a computer at a government-run defector “Hana” resettlement center was infected with malicious code.
MOU spokesperson Baik said Wednesday that the ministry has informed “around 650” of the defectors involved in the hacking, and issued an additional apology on the part of the ministry.
Around 30 complaints have been filed with the unification ministry following the breach, the spokesperson said, adding Seoul has received requests to either remove or change personal information amid concerns about defectors’ families in North Korea.
“The government, in tandem with relevant organizations, will come up with measures swiftly to resolve complaints so that defectors can feel safe,” Baik said.
“The government will supervise and monitor the Hana Center more thoroughly to prevent the recurrence of this incident, and make the utmost efforts to enhance the legal and institutional framework to tighten personal information protection and strengthen the security of the system…”
Seoul has declined to confirm who was responsible for the breach, citing the ongoing investigation.
Pyongyang has in the past been blamed for multiple cyber attacks, including 2017’s WannaCry ransomware attacks which affected some 200,000 computers across the globe.
The U.S. government in November released two joint Technical Alerts (TA) on techniques used by the North in cyberattacks on U.S. and global entities.
Edited by Oliver Hotham
Featured Image: Pixabay