North Korean Hackers Suspected of Using South Korean Government Email Addresses

Cybersecurity firm ESTsecurity reported that suspected North Korean hackers have used South Korean government domain email addresses to launch cyberattacks.

ESTsecuritysaid they detected a cyberattack last  Tuesday, that was traced to an email address from the Ministry of Unification while on Thursday, the hackers used an address from the state-run Korea Institute for National Unification.

The emails in the attacks had links to documents that appeared to be official government reports but were actually phishing sites used to steal personal information. 

The two attacks were traced to a server that had been long used for other cyberattacks including the June 18 breach at the Institute for National Security Strategy.

ESTsecurity suspected that the attacks were conducted by North Korean-linked hacking groups like Thallium and Kimsukywho used similar attack patterns. 

© Fourth Estate® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.