North Korea's hackers target South Korea's hacks

이준혁 2021. 8. 12. 18:51

North Korea recently conducted numerous hacking attacks on prominent journalists from around 10 South Korean media outlets, according to a cyber-security source who spoke on the condition of anonymity.

According to the source, signs of attempted hacking of media organizations began on Aug. 5. These were tracked to North Korean hackers based on analysis of the tactics and technology employed.

The attacks on people in the media were a shift from the North’s recent cyber intrusions targeting South Korean agencies and former and current government officials.

The hacking attempts on South Korean media outlets took place in the form of e-mails sent to dozens of reporters and editors. The messages contained PDF attachments and requested responses to a survey. This also marked a change from the North’s hackers’ previous use of Word and Hangul documents.

Once opened, the PDF attachments downloaded malicious code onto the victim’s computer. The code would check for the presence of anti-virus software before attempting to enter the internal network of the media outlet.

The downloaded malware collected documents and passwords stored on the computer. The code was also capable of monitoring screen activity and, in the case of mobile phones, stealing contact information and photographs.

An official with knowledge of the investigation into the latest hacking attempts said that the motive behind the hacking attacks was “to understand the current political sentiment regarding the U.S.-South Korean joint military drills and next year’s presidential election.”

He added, “Although the hackers sought personal information on the journalists who opened the e-mails, their main targets were the internal networks of media outlets.”

The source noted that the hacking attempts on media outlets bore certain similarities with the May hacking of the Korea Atomic Energy Institute.

In both cases, hackers used the virtual private networks (VPNs) that employees use to connect directly to their companies’ internal servers.

One weakness of VPNs is that once malware finds its way into a company’s internal network from an e-mail recipient, all information saved on the server can be stolen. It is also possible for such malware to alter articles, fabricate news stories, or destroy the network itself.

Following the ramping up of attacks by hackers tied to North Korea in the first half of this year, the National Intelligence Service (NIS) has raised the cyber alert level for public agencies from the lowest “normal” stage to “attention,” the first rise in the five-tier cyber alert level since the inter-Korean summit between President Moon Jae-in and North Korean leader Kim Jong-un in April 2018.

A slew of hacking attacks on South Korean government bodies and companies, which include Korea Aerospace Industries – the manufacturer of Korea’s first indigenous fighter jet – and Daewoo Shipbuilding and Marine Engineering, have led to criticism that the country has let down its guard against cyber-intrusions.

In early July, opposition People Power Party (PPP) lawmaker Han Ki-ho chastised the Defense Acquisition Program Administration, the country’s main defense development agency, for failing to conduct on-site inspections into defense companies’ security set-ups since last year.

BY MICHAEL LEE, PARK YONG-HAN [lee.junhyuk@joongang.co.kr]

Copyright © Korea JoongAng Daily. Unauthorized reproduction and redistribution prohibited.
