North Korean government hackers have attacked at least 892 foreign policy experts in South Korea since April, including members of think tanks and academics, South Korean authorities announced.
The attacks began with phishing emails sent in the name of political figures in South Korea. The emails contained either links to fake websites or infected attachments. As a result, several well-known experts had their personal data stolen and their email accounts compromised (which increased the number of victims), and 13 companies (mostly online stores) became victims of ransomware.
However, South Korean police believe that only 49 recipients actually entered their credentials on the phishing sites, and only 2 companies paid the 2.5 million won ($1,980) ransom, so it is difficult to judge the full extent of the consequences.
Cybercrime is a major source of income for North Korea, which is in a constant financial crisis and largely cut off from global markets, experts say. According to South Korea's National Intelligence Service (NIS), over the past 5 years, North Korean hackers have stolen about $1.2 billion in virtual assets. More than half of that amount ($626 million) was stolen this year.
While the hackers covered their tracks fairly well, their tactics, techniques and procedures (TTPs) and IP addresses indicated that this is the same group that hacked into the South Korean nuclear power plant in 2014. The police also believe that the attackers will not stop their activities just because they were discovered. The authorities urged people, especially those working in sensitive areas such as technology and government, to increase their security measures and be especially vigilant against social engineering attacks.