Suspected North Korean hacker attacks South Korea’s National Police Agency

According to reports received by Daily NK on March 28, an email entitled, "Precautionary rules for hacking attacks" was released on the morning of March 27, as a spear phishing attack targeting specific personnel related to defector organizations and human rights in North Korea. The aim of the attack was to take control of email accounts and passwords.

Spear phishing is a sophisticated and focused hacking attack that targets specific individuals, unlike standard phishing which involves the creation of a fake website to extract personal information from visitors who believe the site is genuine. The purpose of spear phishing is usually to seize specific and sensitive information.

The attack launched on March 27 showed similar patterns to those observed in the past. Emails were sent to victims with an attached text file entitled "Precautionary rules for hacking attacks.hwp." The attachment was designed so that upon opening the file, malicious code is activated to extract information and transmit sensitive files on the victim's computer to a cloud server.

The hacker sent the email under the name of the "Public relations team of the NPA" in an effort to reduce suspicion. The content of the email said, "Hello. Following an intensive crackdown on cyber crime, the National Police Agency is publishing these 'Precautionary rules for hacking attacks.'”

The attached document was entitled, "The five most malicious cyber crimes and precautionary rules to avoid them."

 

 

A spokesperson for the NPA’s public relations team told Daily NK, "Our team did not send the email. The NPA uses the domain 'go.kr,' not 'ac.kr' as used in this case.

A security expert further noted, "The attack can be reasonably assumed to be from a North Korean hacker, considering the fact that the attack targeted people related to organizations for defectors and North Korean human rights, and that it mirrors methods used in the past that were shown to have come from North Korea."

The following are some cyber security recommendations provided by computer security experts to prevent spear phishing damage.

1. Never open an email attachment unless the origin is known. Avoid opening suspicious files, and if necessary, use the preview function to inspect files first. Files with seemingly legitimate content may still have malicious code hidden in them. 

2. Keep the security settings of your document creation program updated. 

3. Use a reliable vaccine program and keep registry lists up to date. You can protect your computer from hacking attacks more effectively by installing a comprehensive security solution together with a vaccine program.

4. Proceed with caution whenever you are asked to enter your email address or password on any website. Ensure that the online forms you interact with are indeed located at the correct website address.