North Korea's Kimsuky Group Targeted US-Korean Drills

Group Tried to Hack Korean Battle Simulation Company to Access Military Secrets
ROK Marine Corps and U.S. Marine Corps troops at the Ssangyong military exercise in East Sea Coast, Pohang, South Korea (Image: Shutterstock)

North Korean espionage group Kimsuky attempted to breach a joint exercise between U.S. and South Korean military forces that started on Monday.

South Korea's Gyeonggi Nambu Provincial Police Agency in a press release on Sunday said the North Korean espionage group sent spear-phishing emails to contractors in South Korea who were working at a war simulation center in an attempt to access information on the military maneuvers.

Kimsuky is recognized for its skill in spear-phishing attacks - tricking victims into disclosing their passwords, clicking on harmful attachments or opening malicious links.

A joint investigation between South Korean police and the U.S. military revealed the cyberespionage group had stolen personal information of all employees at the private company and monitored the company's emails and its business activities. In February, Kimsuky used the stolen information to craft "year-end settlements" for employees who were dispatched to the ROK-US joint combat training room and sent them spear-phishing emails disguised as tax-withheld certificates.

The investigation also uncovered an IP address used by the Kimsuky hackers that had previously been used in 2014 to target the Korea Hydro and Nuclear Power station.

Although the targeted workers attempted to execute the malicious attachments that contained info-stealer malware, the security systems at the military center blocked the attachments. The workers then forwarded the emails to their personal email accounts, resulting in the Kimsuky group accessing their personal devices and emails. But no classified information was leaked, according to the press release.

The 11-day annual military exercise, named Ulchi Freedom Shield, is scheduled to run from Monday through Aug. 31. U.S. and South Korean forces will engage in war games based on scenarios that reflect diverse threats within the security environment.

South Korea in June sanctioned the Kimsuky group, stating that it had collected sensitive information related to diplomacy, security and national defense on behalf of the North Korean regime.

The U.S. government in July 2022 also announced a $10 million reward for information about North Korean state-sponsored cyber actors, including members of infamous groups such as Kimsuky, the Lazarus Group, Bluenoroff and Andariel.

About the Author

Jayant Chakravarti

Senior Editor, APAC

Chakravarti covers cybersecurity developments in the Asia-Pacific region. He has been writing about technology since 2014, including for Ziff Davis.
