April 24, 2019 12:34
Hackers believed to be from North Korea are disseminating malware disguised as press releases from the South Korean Unification Ministry.
According to cyber security firm East Security on Tuesday, an e-mail purporting to come from the Unification Ministry was sent out to reporters. It claims to contain the ministry's response to a news report, but opening it infects users' computers with malware.
The e-mail was sent using the address of an actual Unification Ministry staffer but used the ministry's old domain name "@unikorea.go.kr."
An East Security staffer said, "We believe that the hackers are Geumseong 121, which is run by the North Korean regime." Also known as Red Eyes, APT 37 and Group 123, the hacker group previously attempted a similar cyberattack by pretending to conduct a survey of families separated by the 1950-53 Korean War.
Some of the IP addresses used by the hackers have been traced to Pyongyang.
- Copyright © Chosunilbo & Chosun.com