- The police say that for the first time, state-sponsored North Korean threat actors have been seen using ransomware against companies and organizations in South Korea.
- The initial victims were mostly people who might have had valuable information. They were targeted with phishing emails, which then resulted in 13 businesses getting attacked.
- The police believe that this group is possibly the same group that attacked the Korean Nuclear & Hydropower Plant in 2014.
The attackers are said to have posed as a secretary in the office of Tae Yong-ho of the ruling People’s Power Party or an official of the National Diplomatic Academy of Korea. The emails, which began circulating in early April 2022, are said to contain links to malicious websites or malware as attachments.
2.5 million won spent to regain access
According to the law enforcement organization’s findings, at least 49 people fell into the trap and gave attackers access to their email accounts and private personal data. It is believed that the attack might be North Korean in nature for the following reasons:
- The IP addresses of attackers
- The use of North Korean diction
- The choice of targets
After the incident, the access gained was enough for the attackers to launch ransomware attacks against at least 13 businesses. Two companies are known to have paid around 2.5 million won (nearly $2,000) to regain access.
The investigation to find out exactly who is behind these attacks is still ongoing, although the police suspect the same group that attacked the Korean Nuclear and Hydropower Plant back in 2014.