Despite truce talks, North Korean hackers still targeting South Korean firms
6 June 2018
Even though there are signs of a possible truce between the Korean neighbours, the long-drawn and well-funded cyber-espionage campaign carried on by North Korean hackers against targeted entities in South Korea continues unabated.
According to reports, Andariel Group, a group composed of North Korean hackers and a division of the Lazarus Group, recently launched a series of attacks on South Korean targets by leveraging nine ActiveX vulnerabilities. The hackers carried out watering hole attacks, a zero-day attack, and used backdoor trojans to infect high-value targets in South Korea.
Samsung targeted this time
It is believed that Samsung SDS Acube installations were a prime target of the operations, and the firm has subsequently released an update to plug a zero-day vulnerability that North Korean hackers have been exploiting.
According to an alert released by the South Korean CERT, attackers are exploiting a vulnerability in Samsung’s Acube products to inject malicious code, and users of AcubeFileCtrl.ocx 18.104.22.168 or older versions need to update to the latest version. It is not yet known how many systems have been affected by the hacking operation that started last month.
Commenting on the malicious operation launched by North Korean hackers on South Korean targets, Andy Norton, director of threat intelligence at Lastline, said that given the precarious political situation with North Korea, the fragile peace talks and negotiations around nuclear disarmament, a campaign of continued cyber intelligence gathering should not be a shock to anyone who understands that the cyber theatre facilitates asynchronous warfare.
“This watering hole attack was placed on significant military and research institutes of North Korean entities and would have potentially impacted visitors to those niche interest sites,” he added.
Constant targeting of South Korean military assets
In the past year, North Korean hackers have been found to be behind a number of sophisticated cyber attacks on organisations in the West, in South Korea, on cryptocurrency exchanges and on military entities in enemy countries.
In October last year, it came to light that a cyber attack on South Korea’s defence ministry by suspected North Korean hackers compromised a treasure trove of military secrets as well as contingency plans. The stolen data included 235GB of documents from the Defence Integrated Data Centre, confidential reports to senior Allied commanders, as well as battle plans drawn up by the U.S. and South Korea.
Data stolen by hackers also included locations of military facilities and power plants, as well as details of a plot to assassinate North Korean dictator Kim Jong-Un.
Last year, U.S. and South Korean authorities also confirmed that North Korean hackers had, via a cyber-attack, stolen details of a highly confidential masterplan named ‘OPLAN 5027’ which contained details about a future invasion of North Korea by the U.S. and South Korean armies.
Britain was recently dragged into the much-publicised verbal conflict between North Korea and the United States when dictator Kim Jong-un accused it of being ‘mercenaries’ and a ‘vassal’ of the United States, and of joining ‘war-mongering’ drills.