August 26, 2020 11:14
Suspected North Korean hackers are sending phishing e-mails purporting to be from Samsung Cloud to defectors and other South Koreans in North Korea-related jobs.
According to cybersecurity firm ESTsecurity, a group called Thallium has been sending malicious e-mails disguised as coming from Samsung Cloud to South Koreans working in defense firms, North Korea researchers, defectors, and journalists specializing in North Korea.
Thallium has been launching phishing attacks since 2010, but its size and identity are not known.
The latest e-mail reads, "We found on 2020-08-24 that you've used Samsung Cloud Gallery services... For further information, please click 'FAQ' or direct inquiry services."
But if recipients click either link, they are connected to malicious code that steals their personal information.
Victims do not realize that they have been hacked because they are rerouted to the real Samsung Cloud customer service webpage.
Last December, Microsoft filed a lawsuit against unknown persons with a federal district court in Virginia. It said that Thallium targeted and stole the "personal information of government and university employees, think tanks, organizations focused on human rights and world peace, and individuals working in the field of nuclear proliferation," according to politics website The Hill.
Moon Jong-hyun of ESTsecurity warned, "There's a mounting threat from Thallium, which is launching cyber espionage attacks almost every day on South Koreans engaged in North Korean affairs."
- Copyright © Chosunilbo & Chosun.com