North Korean hackers have allegedly launched a cyber-surveillance campaign against the South Korean government in a bid to pinch highly confidential intelligence on defence and security.
According to researchers at Kaspersky Lab, spy programmes were launched as part of a cyber-espionage campaign dubbed ‘Kimsuky’, targeting South Korea’s ministry of unification and a number of top Seoul thinktanks.
Kaspersky Lab research director Costin Raiu told the Guardian that the latest finding is unusual, as the vast majority of attacks are of Chinese origin.
"There were some attacks earlier this year that targeted banks, media companies and the suspicion there was also towards attackers in North Korea but this is the first time we have come by something that directly points to North Korea," Raiu said.
A total of 11 targets were spotted within South Korea, including thinktanks such as the Sejong Institute and the Korea Institute for Defence Analyses, followers of Korean unification, and computers at Seoul’s ministry of unification and Hyundai Merchant Marine.
Reports also reveal that the North Korean hackers compromised PCs by sending spear-phishing emails, while the unsophisticated spy programme was mainly designed to search for and steal Hangul Word Processor (HWP) documents, which are widely used by South Korean representatives.
"We don’t know exactly what was stolen but we suspect they were looking for all sorts of HWP documents relating to work done by thinktanks towards unification and on defence and security strategy," Raiu said.
Researchers were able to detect about ten IP addresses, indicating that the hackers used networks in China’s Jilin and Liaoning provinces, on the border with North Korea.
"There are suspicions that some landlines in parts of China are used from within North Korea," Raiu added.