Behind the Hack: North Korea
Target: Korean Society for Health Promotion and Disease Prevention
Date of attack: April 1, 2022
Quick take: In early April 2022, the South Korean cybersecurity firm ESTsecurity reported that North Korea had launched a phishing attack on the Korean Society for Health Promotion and Disease Prevention. After infiltrating the journal’s email account, hackers sent fraudulent messages to victims asking them to book appointments for a new COVID-19 vaccine. The attack was designed to steal sensitive information from the targeted recipients.
Why it matters: At a time when journalists, companies, and governments around the world are focused on the possibility of Russian cyberattacks in retaliation for the sanctions imposed after the invasion of Ukraine, this attack is a reminder that other states pose a significant cyberthreat as well. North Korea has a long history of launching destructive cyberattacks around the world, and its cyber capabilities are extremely sophisticated for a country with limited digital infrastructure. Cyberattacks launched by North Korea are expected to increase in the coming years, while other countries (such as Iran) are improving their capabilities as well.
According to a study released by HP last year, there was a 100 percent rise in significant state-backed cyberattacks between 2017 and 2020. This trend shows no sign of abating, and companies need to be prepared for cyberattacks from an ever-expanding list of sources.
We’ve got a hack for that: Like many other state-sponsored breaches, the attack on South Korea originated with a successful phishing operation. Phishing has become the tactic of choice for cybercriminals and hostile governments alike, and HP reports that governments are “developing weaponized chatbots to deliver more persuasive phishing messages.”
NINJIO has repeatedly covered phishing, in episodes such as “To Scan, or Not to Scan” (December 2021), “Homephished” (November 2020), “Voicemail Fail” (October 2019), “Phishing the Stream” (January 2018), and “A Terminal Mistake” (October 2018). Our most recent episode (April 2022, “Gone Catphishing”) is about an increasingly common phishing technique in which hackers establish trust with a victim by building a long-term relationship before demanding sensitive information, usually in a phony emergency situation. We have also been focused on companies and organizations that are often targeted in state-sponsored cyberattacks, such as those in the critical infrastructure sector. To learn more about these attacks and what companies can do to prevent them, take a look at NINJIO’s whitepaper on the subject.