By Lee Kyung-min
A group of hackers presumably from North Korea attempted to break into the emails of about 90 South Korean government officials in charge of foreign affairs and security, and 56 of their email account passwords were stolen, prosecutors said Monday.
The cyber security investigation unit under the Supreme Prosecutors’ Office said it found the hackers’ group set up 27 spear phishing sites between January and June in an attempt to gain access to emails of the targeted people.
These were officials from the ministries of defense, foreign affairs, unification, public safety and security, and journalists who have access to the respective ministries, as well as researchers at North Korean studies-related institutes.
The prosecution launched the investigation after receiving a report that the hackers sought to acquire information on private email accounts of some of the people.
While 56 passwords were leaked, it is not yet known whether classified information concerning national security was leaked.
The investigation showed that the group used a domestic hosting server for the attack, which targeted specific people or organizations and sought unauthorized access to confidential data. The hackers allegedly set up the phishing sites which disguised the official websites of the ministries, universities, and portal sites. Pretending to be the web engineers of the sites, they asked the officials to change their passwords because their current ones were compromised.
The prosecution shut down the phishing sites with cooperation from the National Intelligence Service and the Korea Internet and Security Agency.
Prosecutors believe that North Korea was behind this attack as it was similar to the 2014 attack by the North into Korea Hydro and Nuclear Power.
The prosecution advised the officials against using private email accounts outside work places, adding that passwords should be frequently changed in order to prevent these kind of attacks from recurring.