North Korean state-backed hackers have targeted at least 892 foreign policy experts from South Korea to steal their personal data and email lists as well as carried out ransomware attacks against online retailers, South Korea’s National Police Agency revealed.
According to the authorities, the attacks mainly targeting think tank experts and professors, began as early as last April, and involved spear phishing emails sent from multiple accounts posing as South Korean officials. These emails included a link to a fake website, or malicious attachment designed to infect systems with malware.
The agency said that several prominent experts had fallen victim to the attacks and had their personal data stolen, email lists compromised as the result.
It was also the first time the police observed North Korean hackers using ransomware in their attacks. Thirteen companies, mainly online retailers, were hit with ransomware attacks, but only two of them paid the 2.5 million won ($1,980) ransom.
The police said that the hackers laundered their IP addresses and employed 326 “detour” servers in 26 countries to make it difficult to trace them online. The authorities suspect that the the threat actor behind the attacks is the same group that hacked Korea Hydro and Nuclear Power in 2014.
Last week, South Korea’s National Intelligence Service (NIS) revealed that North Korean hackers have stolen an estimated 1.5 trillion won ($1.2 billion) in cryptocurrency and other virtual assets in the past five years, including about 800 billion won ($626 million) this year alone.