Voice of America
08 Dec 2022, 17:35 GMT+10
Seoul, South Korea - North Korean hackers exploited public interest in October's tragic Itaewon crowd surge to target South Koreans with malware, Google cybersecurity researchers said Wednesday.
The North Korean hackers distributed a corrupted Microsoft Word document that appeared to be an official press release from South Korea's Ministry of Interior and Safety, according to a blog post by Google's Threat Analysis Group, which focuses on government-backed cyber-attacks.
Once opened, the document would download another file that would attempt to deploy malware onto the user's device.
The document exploited a weakness in the Internet Explorer web browser, an attack known as a zero-day vulnerability, the Google blog post said. In a zero-day attack, hackers exploit such unidentified flaws to gain access to a computer system.
'We attribute this activity to a group of North Korean government-backed actors known as APT37,' Google added, saying the group has previously carried out similar attacks.
At least 158 people died in the crowd surge, which occurred when Halloween partygoers became stuck in a narrow alley in Seoul's Itaewon neighborhood on October 29.
South Korea Probes Halloween Crowd Surge as Nation Mourns
North Korea's government never offered condolences in the incident. Instead, North Korea fired an unprecedented barrage of missiles, including some that landed near South Korea's coast, during the South's period of national mourning.
N. Korea Fires Artillery Near Border in Warning to S. Korea
Google did not specify how the North Korean hackers distributed the corrupted document, who received it or how many devices may have been affected.
Google said it became aware of the North Korean malware in late October after multiple users from South Korea uploaded the document to the company's VirusTotal tool, which analyzes suspicious files.
Within hours of discovering the hacking attempt, Google reported it to Microsoft, which sent out security updates about a week later to protect users from the attack, Google said.
'This is not the first time APT37 has used Internet Explorer 0-day exploits to target users,' Google said. 'The group has historically focused their targeting on South Korean users, North Korean defectors, policy makers, journalists and human rights activists.'
North Korea, which is subject to international sanctions because of its illicit nuclear weapons program, has for years carried out a sophisticated campaign of government-backed cybercrime, which has netted Pyongyang hundreds of millions of dollars.
The hacking attempts target both overseas organizations and those in South Korea.
On Thursday, several South Korean government agencies issued a joint statement warning tech companies to exercise greater caution to prevent unknowingly hiring North Korean IT workers.
The statement urged South Korean companies to strengthen background checks for such employees, noting that North Korea uses them to acquire foreign currency that helps fund its weapons program.
Get a daily dose of China National News news through our daily email, its complimentary and keeps you fully up to date with world and business news as well.
Publish news of your business, community or sports group, personnel appointments, major event and more by submitting a news release to China National News.
More InformationTOKYO, Japan: Japanese Prime minister Fumio Kishida said this week that it was "now or never" for Japan, one of ...
WASHINGTON D.C.: As part of its efforts to simplify the national COVID-19 vaccine strategy, the US Food and Drug Administration ...
WASHINGTON D.C.: US authorities said this week that a surge in Cubans and Nicaraguans arriving at the US border with ...
OTTAWA, Canada: Canadian Prime Minister Justin Trudeau's Liberal government plans to implement its long-awaited workforce transition bill, the "Just Transition," ...
TOKYO, Japan: The Yomiuri newspaper has reported that Japanese Prime Minister Fumio Kishida is planning to visit Kyiv in February ...
HONOLULU, Hawaii: The casket bearing Abigail Kinoiki Kekaulike Kawananakoa, long considered the last Hawaiian princess, has gone on public viewing ...
TOKYO, Japan: Japanese Prime minister Fumio Kishida said this week that it was "now or never" for Japan, one of ...
BANGKOK, Thailand: Following China's reopening and the end of its strict COVID-19 restrictions, businesses on Thailand's holiday island of Phuket ...
SEOUL, South Korea: Korea Customs Service data released this week showed that South Korean exports for the first 20 days ...
TOKYO, Japan: The Yomiuri newspaper has reported that Japanese Prime Minister Fumio Kishida is planning to visit Kyiv in February ...
LENNOX HEAD, Australia - An Irish father died in Australia while trying to save his daughter after she was swept ...
TOKYO, Japan: More than half of major Japanese companies are planning to raise wages this year, after Prime Minister Fumio ...