The Korea Herald

피터빈트

North Korea hacked Yoon official’s emails last year

NIS busts North Korean cyber criminal ring working for Pyongyang’s spy agency

By Kim Arin

Published : Feb. 14, 2024 - 18:43

    • Link copied

(123rf) (123rf)

North Korea appears to be behind the hacking of a presidential official’s email account in November last year, South Korea’s National Intelligence Service believes.

In a release responding to a news report on Wednesday, the presidential office said Wednesday that a private email account belonging to an administrative official was targeted in a cyber attack ahead of President Yoon Suk Yeol’s state visit to France and the UK in November. Citing the NIS, the release said the cyber attack was likely perpetrated by a North Korean source, but did not give further details such as why they thought this.

The presidential office said the email account fell vulnerable to the cyber attack “as a result of the carelessness of one official, who used a private account for official duties.” The office, adding that necessary measures have been taken to prevent a recurrence, the security system of the presidential office itself had not been exposed to the cyber attack.

The presidential office said that it was aware of the emails being hacked before the president left the country for Europe. “Cyber intrusions by foreign entities are a constant threat, and they are continuously being monitored,” the office said.

South Korean intelligence and military officials have warned of a rise in cyber attacks ahead of the general election in April.

According to the NIS, the number of instances of foreign state-sponsored cyberattacks against South Korean government institutions in the past three years is estimated to be more than 5,200. Most of them are believed to have been waged by North Korea.

More recently in December, the NIS launched an investigation following suspicions of the North Korean cybercrime ring Lazarus trying to hack the networks of South Korean courts and other judicial services.

The NIS is also working with the National Election Commission to mend security flaws in its networks after finding attempts of North Korean infiltration early last year.

For about a month from November last year, a series of outages affected South Korean government-run online services. A primary investigation by the NIS then found no evidence of foreign infiltration, with a plan to boost the security of government networks to be announced soon.

In the latest instance of North Korean cyber threats targeting private citizens, the NIS said Wednesday it busted a North Korean group that created fake gambling sites and sold them to South Korean cybercrime rings.

The NIS said that the North Korean group, which is based in China, works for the Reconnaissance General Bureau that oversees Pyongyang’s clandestine operations.

Each of the group's 15 members sends about $500 to Pyongyang by making illegal profits from creating and selling software to gambling sites, according to the NIS. From the gambling sites that they helped create, they were able to steal personal information of some 1,100 South Koreans.