North Korean Hackers Target US-South Korean Military Drills

(Bloomberg) — North Korean hackers tried to infiltrate security-related computers to obtain information on joint US-South Korean military drills that start Monday but apparently obtained no classified information, police in South Korea said.

Suspected North Korean hackers sent malicious emails from April of last year to employees at a company involved in joint military drills, the Gyeonggi Nambu Provincial Police said in a statement Sunday. In January, the hackers were able to seize one of the employees' accounts and install code, but there are no indications they obtained sensitive material.

The attempts to take out military data were unsuccessful, but some personal computers were affected, according to the statement. South Korean police concluded the case was linked to North Korea’s hacking group known as Kimsuky, which has used similar methods before.

The Kimsuky group focuses its intelligence collection activities on foreign policy and national security issues related to the Korean Peninsula, according to the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. 

The 11-day joint Ulchi Freedom Shield exercises are designed to prepare responses to various threats, using computer-simulation exercises, drills in the field and civilian-defense practice. South Korean police and US authorities have been investigating a string of e-mails from a sender falsely representing the US military sent to South Korean employees at the US Armed Forces in South Korea in July ahead of the joint military drills, the statement from police said.

North Korea for decades has denounced joint drills as preparation for invasion, and Kim Jong Un’s regime in recent years has stepped up its provocations to coincide with the exercises. His army of hackers has for years conducted cybercrimes to help procure funding for its weapons programs, as well as phishing campaigns hunting for information that could be of use to Pyongyang.

The drills come days after the leaders of the US, South Korea and Japan held a landmark summit at the Camp David presidential retreat in rural Maryland, where they agreed on new steps to defend against North Korea’s nuclear and missile threats. These include sharing real-time information on missile launches and bulking up joint military exercises among the three.

South Korea’s spy agency told lawmakers last week that Pyongyang appeared to be readying to test an intercontinental ballistic missile and smaller ones designed to deliver nuclear weapons. 

Pyongyang has already fired 24 ballistic missiles so far this year, including four ICBMs that could hit the US mainland. Kim’s regime launched more than 70 ballistic missiles last year, a record for the state.

Its hacker army has taken in about $200 million in cryptocurrency theft so far this year, accounting for over one-fifth of all the crypto heists in 2023, according to a report last week from the blockchain intelligence firm TRM Labs. 

Both the US and South Korea have accused Kim’s regime of deploying hackers to various corners of the world to fund its weapons programs.

They say these in-demand workers can make as much as $300,000 a year abroad — often remotely through freelance platforms with falsified or stolen identification — and can assist in enabling cyber attacks and cryptocurrency thefts that helped North Korea earn an estimated $1.7 billion in 2022.

 

©2023 Bloomberg L.P.