East Security said on the 18th that hacking attacks disguised as the February issue of the Ministry of Unification’s major inter-Korean relations journal are being discovered one after another, and that special attention is required.
The attack was cleverly disguised as the major inter-Korean relations journal sent out by the Ministry of Unification in order to target North Korea experts or workers in the field, and it turned out to be aimed at stealing email accounts.
Parts of the Ministry of Unification’s screen design were copied so that the email looked like normal content, and the file ‘Inter-Korean Relations_Main Journal (February 2022).hwp’ was shown as an attachment at the bottom of the body.
According to the analysis of the East Security Security Response Center (ESRC), a number of similar cases using this method were already detected from 2020 through last year.
There are continued reports of attacks that mislead recipients with North Korea-related content, such as the Ministry of Unification’s trends in North Korea or the Korea Institute for National Unification’s outlook on the situation on the Korean Peninsula.
To avoid arousing the suspicion of email recipients, the sender address of the attack emails is forged to look like an official address, such as ‘[email protected]’ for the Ministry of Unification, ‘[email protected]’ for the Korea Institute for National Unification, and ‘[email protected]’ for the Institute for National Security Strategy. Because the address manipulation is sophisticated, trusting the sender at a glance and inadvertently opening the attachment can lead to unexpected hacking damage.
According to ESRC’s analysis, this attack may look like a typical spear phishing attack that induces users to open a malicious HWP document file attached to the body of an email, but it actually inserts a malicious URL link rather than an attachment. It is an attack aimed at stealing portal account information.
When the recipient clicks the attachment link, a password entry screen for the recipient’s portal account appears instead of the document being delivered immediately.
In addition, if the password is leaked, it is difficult to rule out the possibility of covert and continuous leakage of personal information, as well as the risk of becoming a secondary perpetrator, for example when the attacker takes over the victim’s account and uses it to approach the victim’s acquaintances.
If the password is entered, the account information is leaked and a normal document is shown at the same time, a trick that keeps the victim from recognizing the hacking damage, so caution is needed.
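A defender-side check for the lure described above, as an added example that is not from East Security or the original article: it flags links in an HTML mail body whose visible text is a document file name while no MIME attachment of that name exists. The extension list, the sender address and the URL are constructed placeholders.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

# Link text that looks like a document file name (list is an assumption).
DOC_EXT = re.compile(r"\.(hwp|hwpx|docx?|xlsx?|pdf)\s*$", re.I)

class _Anchors(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def fake_attachment_links(raw):
    """Return (text, href) pairs that name a document but are only web links."""
    msg = message_from_string(raw, policy=policy.default)
    # File names of parts that really are MIME attachments.
    real = {(p.get_filename() or "").lower() for p in msg.iter_attachments()}
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    parser = _Anchors()
    parser.feed(body.get_content())
    return [(t, h) for t, h in parser.links
            if DOC_EXT.search(t) and t.lower() not in real
            and h.lower().startswith(("http://", "https://"))]

# Constructed sample: the file name is the one quoted in the article; the
# sender and URL are placeholders (example.invalid), not real indicators.
SAMPLE = """\
From: "Ministry of Unification" <sender@example.invalid>
Subject: Journal
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please see the attached journal.</p>
<a href="https://portal-login.example.invalid/view?f=1">Inter-Korean Relations_Main Journal (February 2022).hwp</a>
</body></html>
"""
print(fake_attachment_links(SAMPLE))
```

A message that carries the same file name as a genuine MIME attachment is not flagged, so the check isolates the "attachment that is really a link" pattern rather than every document link.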
Director Moon Jong-hyeon, head of the ESRC Center, said, “As the number of North Korea-linked cyber threats impersonating specific domestic institutions or private-sector services is on the rise, it is a time for meticulous efforts to strengthen cyber security. To achieve this, it is necessary to establish a closer and organic cooperative system at the public-private level.”
Meanwhile, East Security maintains cooperation to prevent the spread of known threats by closely sharing related cyber threat information with relevant authorities such as the Korea Internet & Security Agency (KISA).