SEOUL, Jan. 17 (Korea Bizwire) — A North Korean hacker group has attempted to steal user passwords with phishing emails by disguising itself as a domestic portal site, a cybersecurity firm said Monday.
ESTsecurity recently published an analytical report on malicious code on its corporate blog.
The newly detected phishing emails used a “Daurn” domain that is similar to the Kakao-owned portal website Daum. The emails contained text and hyperlinks asking users to change their passwords.
Once the hyperlinks are clicked, users are connected to a phishing site that looks similar to the login page of Kakao. If users input information into the site, it is instantly sent to the server of the hacker group.
ESTsecurity noted that the group behind the phishing scam is “Kimsuky,” a cyberespionage group operating under the umbrella of the North Korean General Bureau of Reconnaissance.
Pyongyang sent phishing emails to 892 experts in the areas of diplomatic security, unification and defense at least three times last year.
In October, when a widespread outage of South Korea’s largest mobile chat app occurred, the hacker group attempted to steal information on North Korean defectors’ IDs and passwords by disguising itself as the Kakao account management service.
J. S. Shin (js_shin@koreabizwire.com)