According to South Korea’s cybersecurity authority, the country has experienced a marked increase in hacking and malware campaigns originating from North Korean. Since these attacks are likely state-backed, it is expected that Kim Jong Un approved the attacks to generate funds for the country.
The Korean Internet & Security Agency (KISA) recently published a report addressing the growing wave of North Korean malware attacks. KISA is responsible for monitoring and maintaining the region’s online sphere. However, their latest release suggested that South Korea’s online activity is becoming increasingly threatened by malware attacks which are suspected to be originating from North Korea.
According to the Korean media outlet, Yonhap, the third quarter of 2017 saw a marked increase in malware attacks. The period between July and September witnessed 452 attacks, whereas the second quarter of the year experienced 436 attacks. South Korean users reported a total of 5,366 cases of ransomware attacks between January 2017 and September 2017 alone, which demonstrates a 3.7x increase compared to 2016’s total of 1,438 attacks.
According to a KISA official, the latest attacks targetted not only individual devices to spread malware, but also entire websites.
North Korean hackers are suspected of stealing a total of 100 million dollars worth of Bitcoin every month since 2013. Also, the cybersecurity company, FireEye confirmed earlier this year that state-backed North Korean hackers were responsible for hacking several South Korean cryptocurrency exchanges and stealing Bitcoin.
One of the more noteworthy attacks was conducted on the South Korean exchange platform, Yapizon, where hackers stole a total of $5 million worth of cryptocurrency.
However, according to an official from the South Korean Cyber Warfare Intelligence Center (CWIC), North Korean hackers have also been widely using phishing emails. The emails were all mainly directed to cryptocurrency exchange employees and contained damaging malware.
The phishing emails and other malware attacks cause the South Korean National Police Investigation (NPA) to conduct a thorough investigation regarding the hacking campaigns. In the agency’s report, they confirmed that North Korea has in the past hacked South Korean-based cryptocurrency exchange platforms, and is continuing to do so. Also, the report confirmed that a total of 25 employees from 4 different South Korean exchanges fell victim to a total of 10 phishing attacks that came from a North Korean IP address. The same IP address has been linked earlier to other hacking attempts which targeted devices located in Seoul.