Voice of America
08 Dec 2022, 13:05 GMT+10
Seoul, South Korea - North Korean hackers exploited public interest in October's tragic Itaewon crowd surge to target South Koreans with malware, Google cybersecurity researchers said Wednesday.
The North Korean hackers distributed a corrupted Microsoft Word document that appeared to be an official press release from South Korea's Ministry of Interior and Safety, according to a blog post by Google's Threat Analysis Group, which focuses on government-backed cyber-attacks.
Once opened, the document would download another file that would attempt to deploy malware onto the user's device.
The document exploited a weakness in the Internet Explorer web browser, an attack known as a zero-day vulnerability, the Google blog post said. In a zero-day attack, hackers exploit such unidentified flaws to gain access to a computer system.
'We attribute this activity to a group of North Korean government-backed actors known as APT37,' Google added, saying the group has previously carried out similar attacks.
At least 158 people died in the crowd surge, which occurred when Halloween partygoers became stuck in a narrow alley in Seoul's Itaewon neighborhood on October 29.
South Korea Probes Halloween Crowd Surge as Nation Mourns
North Korea's government never offered condolences in the incident. Instead, North Korea fired an unprecedented barrage of missiles, including some that landed near South Korea's coast, during the South's period of national mourning.
N. Korea Fires Artillery Near Border in Warning to S. Korea
Google did not specify how the North Korean hackers distributed the corrupted document, who received it or how many devices may have been affected.
Google said it became aware of the North Korean malware in late October after multiple users from South Korea uploaded the document to the company's VirusTotal tool, which analyzes suspicious files.
Within hours of discovering the hacking attempt, Google reported it to Microsoft, which sent out security updates about a week later to protect users from the attack, Google said.
'This is not the first time APT37 has used Internet Explorer 0-day exploits to target users,' Google said. 'The group has historically focused their targeting on South Korean users, North Korean defectors, policy makers, journalists and human rights activists.'
North Korea, which is subject to international sanctions because of its illicit nuclear weapons program, has for years carried out a sophisticated campaign of government-backed cybercrime, which has netted Pyongyang hundreds of millions of dollars.
The hacking attempts target both overseas organizations and those in South Korea.
On Thursday, several South Korean government agencies issued a joint statement warning tech companies to exercise greater caution to prevent unknowingly hiring North Korean IT workers.
The statement urged South Korean companies to strengthen background checks for such employees, noting that North Korea uses them to acquire foreign currency that helps fund its weapons program.
Get a daily dose of China National News news through our daily email, its complimentary and keeps you fully up to date with world and business news as well.
Publish news of your business, community or sports group, personnel appointments, major event and more by submitting a news release to China National News.
More InformationMENLO PARK, California: As artificial intelligence demands explode, Big Tech is turning to an old source for new power: nuclear energy....
NEW YORK, New York - U.S. stocks rose appreciably Friday following the release of a strong jobs report which sent the U.S. dollar higher,...
WASHINGTON, D.C. America's job market is starting to lose momentum. In April, job openings rose — but so did layoffs, marking their...
DUBLIN, Ireland: Digital Business Ireland (DBI) has asked the Government to do more to help Ireland's digital and tech sector. This...
TOKYO, Japan: Toyota has announced that it will take one of its key group suppliers, Toyota Industries, private in a deal worth UD$26...
NEW YORK, New York - U.S. stocks fell Thursday after the feud between U.S. President Donald Trump and his biggest backer Elon Musk...
SEOUL, South Korea: South Korea's new president, liberal Lee Jae-myung, took office on June 4 after a dramatic and chaotic few months....
SEOUL, South Korea: South Korea's upcoming presidential election has turned into a messy battle full of personal insults and scandals...
TOKYO, Japan: Toyota has announced that it will take one of its key group suppliers, Toyota Industries, private in a deal worth UD$26...
SYDNEY, Australia: Australia's independent wage-setting body, the Fair Work Commission (FWC), has announced a 3.5 percent increase...
SINGAPORE: On May 31, U.S. Defense Secretary Pete Hegseth told America's Indo-Pacific allies that they would not be left alone to deal...
DUBLIN, Ireland: TikTok is asking the High Court to stop a decision that could block the transfer of user data to China within six...