Almost 1,000 North Korean defectors have had their personal data leaked after a computer at a South Korean resettlement centre was hacked, the unification ministry said. A personal computer at the state-run centre was found to have been “infected with a malicious code”.
The ministry said this is thought to be the first large-scale information leak involving North Korean defectors. The hackers’ identity and the origin of the cyber-attack are not yet confirmed. The North Gyeongsang resettlement centre is among 25 institutes the ministry runs to help an estimated 32,000 defectors adjust to life in South Korea.
Read more about this disturbing cyberattack on BBC.
North Korea is hacking computers to mine cryptocurrency to bring extra cash into the country, according to South Korea’s intelligence service. North Korean hackers also continue to hack computers in South Korea and abroad to steal confidential information, the state intelligence agency said in a parliamentary audit, Yonhap News reported.
A U.S. cybersecurity firm revealed in January that it had found computers infected with malware, suspected to have been implanted by North Korean hackers, that mined the cryptocurrency Monero and sent it to Kim Il Sung University in Pyongyang, according to Chosun Ilbo. Cryptocurrency has emerged as an alternative source of money for the cash-strapped North Korean regime amid tightening international sanctions.
Read more about the North Korean cryptojacking campaigns on UPI.
Cybersecurity researchers from McAfee’s Advanced Threat Research team have discovered a new campaign which focuses on cyberespionage and data reconnaissance. South Korea appears to be the primary target of the campaign, dubbed “Operation Oceansalt,” with five attack waves launched in May against organizations in the country.
The group uses a data reconnaissance implant that drew serious interest from the researchers. Upon further examination, it was discovered that the implant is based on the source code of Comment Crew. Also known as APT1, Comment Crew is an advanced persistent threat (APT) group with links to the Chinese military.
Read more about the newly discovered attack campaign on ZDNet.
Researchers at Trend Micro revealed details of an attack against a major Korean utility company hit by malware designed to wipe the master boot records (MBR) of compromised computers.
According to Trend Micro, the malware is believed to have infected the targeted systems through a vulnerability in the Hangul Word Processor (HWP), a commonly used application in South Korea. The attackers used a variety of social engineering lures as well.
Read more about the MBR Wiper malware which knocked out the South Korean nuclear plant operations on Security Week.
Last summer Trend Micro observed online banking Trojans that were targeting South Korean banks. Now, compromised sites that contain exploit kits are delivering banking Trojans to site visitors. Some of the banks being targeted include Hana Bank, Nonghyup Bank, the Industrial Bank of Korea (IBK), Shinhan Bank, Woori Bank, Kookmin Bank, and the Consumer Finance Service Center. Once a customer has been infected with malware and is redirected to a phishing site that looks like a legitimate banking website, the criminals are able to steal their credentials.
One interesting characteristic of this particular Trojan is that it is using Pinterest as its command-and-control server to redirect users to various spoofed banking sites.
Read more about the banking trojan which targets South Korean banks using Pinterest as its spreading medium on Cyveillance Blog.
North Korea’s state media on Monday blasted South Korea’s spy agency for alleging that Pyongyang hacked tens of thousands of smartphones in the South using malware disguised in mobile gaming apps.
The South’s National Intelligence Service (NIS) said in a report to parliament last week that the North attempted to hack more than 20,000 South Korean smartphones between May and September.
The agency said it had worked with the owners of South Korean websites and government officials to remove the applications and block hacking channels.
Pyongyang’s official website Uriminzokkiri accused the NIS of fabricating the report to distract attention from a standoff over South Korean activists who send leaflets critical of the North’s regime across the border by balloon.
Read about the political brinkmanship being played between the two hostile neighbours over the hacking scandal on Security Week.