Tag Archive for: Korean

South Korea’s Battle Against North Korean Hackers


In the dimly lit corridors of digital warfare, a new chapter unfolds as South Korean authorities mount a determined response to a series of cyberattacks that bear the hallmark of a familiar adversary. This isn’t just a skirmish in the nebulous realm of cyberspace; it’s a direct assault on the country’s judicial backbone, compelling the National Police Agency to take unprecedented action against a threat that’s as intangible as it is insidious.

The Frontline: Supreme Court Servers Under Siege

The serene city of Seongnam, merely a stone’s throw from the bustling capital of Seoul, found itself at the epicenter of this cyber confrontation. Here, within the premises of the Supreme Court’s digital data bureau, police initiated search and seizure operations aimed at reclaiming sovereignty over servers that fell victim to the cyberattacks orchestrated by the Lazarus Group, a notorious entity with indelible ties to North Korea. The operations, marking a significant escalation in the fight against cyberterrorism, commenced on February 13th, signaling a clear intent to safeguard national security interests.

A Persistent Threat: The Lazarus Group’s Shadow

The Lazarus Group isn’t a new player on the global stage of cyberterrorism. Known for its sophisticated attacks and elusive operations, this North Korean-affiliated collective has cast a long shadow over international cybersecurity efforts. The breach of the Supreme Court servers is but the latest in a series of provocations that underscore the group’s audacious approach to digital espionage and sabotage. By targeting the judicial system, the attackers not only compromise sensitive legal information but also challenge the very integrity of South Korea’s governance structures.

Securing the Digital Frontier: Response and Repercussions

In response to this brazen incursion, the National Police Agency’s cyber terror division has not only intensified its efforts to recover and secure the compromised servers but also to assess and mitigate the impact of the breach. These efforts are emblematic of a broader struggle to protect critical infrastructure from the increasingly sophisticated…


South Korean Agencies Investigate $82M Orbit Bridge Hack



Orbit Bridge, which serves as the main bridge for the Klaytn ecosystem, was exploited for nearly $82 million hours before New Year’s Eve. Multiple South Korean agencies are currently investigating the multimillion-dollar hack.

Allegations have emerged identifying North Korea’s hacking group, ‘Lazarus,’ as the orchestrator of the exploit, prompting South Korea’s National Intelligence Service (NIS) to intervene for a comprehensive investigation.

The bridge was utilized by prominent Korean domestic platforms such as Kakao’s blockchain platform Klaytn and WEMIX, a blockchain project by WEMADE.

Intelligence Agencies Investigate the Exploit


The NIS’s involvement in determining the perpetrator of the attack signifies an unusual level of engagement for a blockchain-related virtual asset theft. According to Orbit Bridge’s operating company, OZYS, they promptly reported the asset misappropriation incident to the Korea Internet & Security Agency (KISA) and the National Police Agency on January 1st, complying with mandatory reporting obligations under the Information and Communication Network Act.

The NIS commented on the ongoing investigation, stating, “We are currently investigating the cause and the perpetrator of the incident. While no direct link to North Korea has been confirmed so far, we are collaborating with relevant agencies and considering the possibility,” local news media reported.

NIS Involvement in Investigation Deemed Unusual


The incident follows a pattern observed in the cryptocurrency space where cybercrime incidents trigger the involvement of agencies like the Cyber Investigation Division of the National Police Agency and KISA. However, the inclusion of the NIS in this case is deemed exceptional.

OZYS has actively cooperated with the investigation, notifying authorities promptly and seeking assistance from global blockchain analysis firms such as Uppsala Security and the TON Foundation.

As the fallout from this incident reverberates not only within the Klaytn…


Beware: North Korean Hackers Allegedly Have New Modus Operandi To Steal Your Crypto


KEY POINTS

  • Rogue actors allegedly backed by North Korea have stolen data from nearly 1,500 victims between March and October
  • The majority of the victims are from the private sector, and 57 are incumbent or retired government officials
  • When the scam email was opened or the phishing link was clicked on, the victim’s computer would be infected with malware

The South Korean National Police Agency has warned people against North Korean malicious actors and hackers, who have been impersonating government agency officials and journalists to steal cryptocurrencies.

Rogue actors allegedly backed by the hermit country have stolen data from nearly 1,500 victims between March and October, the majority of whom were from the private sector and 57 of whom were incumbent or retired government officials, local media reported, quoting the South Korean National Police Agency.

Malicious actors pretended to be officials from South Korea’s National Pension Service, National Health Insurance, National Tax Service and National Police Agency to send phishing emails to recipients.

When the scam email was opened or the phishing link was clicked on, the victim’s computer would be infected with malware, following which the hackers would harvest data, including personal information.

Hackers also stole user IDs and profiles of 19 victims to access their cryptocurrency trading accounts, according to the police authorities, although they did not disclose the amount of crypto assets stolen by cybercriminals.

North Korea’s hacking efforts have grown in scale and scope in 2023, according to authorities who revealed that “last year, they stripped virtual assets by distributing ransomware. That coerced victims to pay money and valuables to regain their property.” However, this year, malicious actors have become more aggressive in phishing, which has resulted in the authorities shutting down 42 phishing websites.

It was reported earlier this month that North Korean hackers linked to the notorious cybercriminal group Lazarus Group, purportedly operating on behalf of North Korea, were impersonating blockchain engineers on Discord using social engineering techniques.

Victims reportedly download a malicious ZIP file, convinced they were…


North Korean Hacking Alert Sounded by UK and South Korea


Cryptocurrency Fraud, Cybercrime, Endpoint Security

Supply Chain Attacks: Hackers Target Zero-Days in Widely Used Software, Alert Warns

North Korean monument to the founding of the Korean Workers’ Party. (Image: Shutterstock)

North Korean state-affiliated hackers are continuing to exploit zero-days in popular software applications as part of global supply chain attack campaigns for espionage and financial theft purposes, British and South Korean cyber agencies warned in an alert on Thursday.



In a joint alert, Britain’s National Cyber Security Centre and South Korea’s National Intelligence Service warned Pyongyang-affiliated hackers are targeting victims by exploiting vulnerabilities in their third-party software applications and supply chains.


These campaigns further the North Korean regime’s priorities of “revenue generation, espionage and the theft of advanced technologies,” officials said.


“In an increasingly digital and interconnected world, software supply chain attacks can have profound, far-reaching consequences for impacted organizations,” said Paul Chichester, NCSC’s director of operations.


The report did not name any specific advanced persistent threat groups tied to these campaigns, although it does cite the recent attack against financial trading software developer 3CX as an example of these large-scale supply chain attacks. The Cyprus-based software vendor, whose…
