- The attacks were carried out by Kimsuky, a North Korean state-sponsored hacking group.
- The attackers targeted retired officials as they are engaged in government advisory activities.
Retired South Korean diplomats and government and military officials have fallen victim to first-of-its-kind attack campaigns. The attacks were carried out by Kimsuky, a North Korean state-sponsored hacking group.
What is the motive?
Simon Choi, founder of IssueMakersLab, told ZDNet that the attackers targeted retired officials as they are engaged in government advisory activities. In addition, they also maintain ties with incumbent government officials.
Choi further added that older people tend to be more vulnerable than officials still in office. This enables the attackers to easily hack their accounts to steal sensitive information or to launch attacks.
How did the attackers operate?
The attacks occurred between mid-July and mid-August of 2019. They were carried out through spear-phishing emails. These emails included links that redirected victims to fake login pages. The spoofed pages asked victims to provide their login credentials, which could later be used for identity fraud.
What is Kimsuky?
Kimsuky, also known as Velvet Chollima, is a well-known political cyber-espionage group linked to North Korea. It has been in operation since 2011. Its primary targets include the South Korean government, nuclear power plants, and military operations.
In the past two years, the group has expanded its operations to include foreign targets such as academic institutions, foreign affairs ministries, and US think tanks.