A TV screen shows an image of North Korea's rocket launch during a news program at Seoul Station, Thursday. Seoul on Friday announced fresh sanctions against Kimsuky, a North Korean hacking group, for its role in developing technology used by the regime in the satellite test. AP-Yonhap
Kimsuky uses 'tailored' methods to target gov't officials, scholars, journalists: police
By Jung Min-ho
Seoul announced fresh sanctions against Kimsuky, a North Korean hacking group, Friday, for its role in developing technology the regime used in its latest satellite launch.
South Korea also issued a joint security advisory with the U.S. to warn other countries of the serious dangers North Korean hackers pose. It was the second such joint action by the two allies, following their first in February.
The group, which operates under the North Korean military intelligence agency, has provided the regime with the latest space technology and with information illegally collected from around the world. Both were used in an attempted satellite launch, which ended in failure on Wednesday. Given that the test involved ballistic missile technology, the North has been denounced and faces possible, although unlikely, sanctions from the U.N. Security Council.
With the group now on the government sanctions list, those who wish to engage in financial transactions with it (cryptocurrency included) must receive approval from the governor of the Bank of Korea or the Financial Services Commission in advance. Violators could face prosecution.
Speaking to The Korea Times, officials said one of the main goals of the measures is to send North Korea a message that violations of South Korean laws will not go unpunished ― even if immediate prosecution is not possible.
"We also aim to raise awareness of the dangers of the group across the world. Some nations may follow the lead to impose their own sanctions, which would create a web of sanctions that makes its illegal activities more difficult," a ministry official said.
A police officer, one of the key officials behind the sanctions initiative, said the chief targets of Kimsuky have been the email accounts of government officials, scholars and journalists in science and security fields.
"Their emails contain plenty of information not just about up-to-date technologies, but also about the details of what the government is up to and where it is headed," the police officer said.
He warned that anyone could fall into the trap of North Korean hackers, saying that they use highly sophisticated, tailored methods of deception.
"Kimsuky hackers, for example, impersonate officials of government agencies or news outlets using similar-looking email addresses," he said. "It's difficult not to be deceived if they know a lot about you."
His warnings are also reflected in an advisory issued jointly by Seoul, Washington and their security agencies, including South Korea's National Intelligence Service and the U.S. Federal Bureau of Investigation.
"DPRK (North Korean) cyber actors commonly take on the identities of real people to gain trust and establish rapport in their digital communications. Kimsuky actors may have previously compromised the email accounts of the person whom they are impersonating. This allows the actors to search for targets while scanning through compromised emails, with a particular focus on work-related files and personal information pertaining to retirees, social clubs and contact lists," they said in a statement released Thursday (U.S. time).
"In other cases, a Kimsuky actor will use multiple personas to engage a target; one persona to conduct initial outreach and a second persona to follow up on the first engagement to distract a potential victim from discerning the identity of the original persona. Another tactic is to 'resend' or 'forward' an email from a source trusted by a target."
Shin So-hyun, a cybersecurity expert, said it would be important for South Korea to continue to expand cooperation with other tech-savvy countries against such threats.
"In a virtual world, it is difficult to build a convincing case against crimes committed online without cooperation with other countries. The government needs to work more closely with like-minded countries to prevent and deter North Korean hackers' illegal activities, ideally to the level of the Five Eyes (an intelligence alliance comprising Britain, Australia, Canada, New Zealand and the U.S.)," said Shin of the Sejong Institute, a think tank.