A North Korean state-sponsored APT group targeted nearly 900 foreign policy experts from South Korea to steal their personal information and carry out ransomware attacks.
The South Korean National Police Agency in a press conference on Sunday said the attackers used a phishing campaign to trick the victims into exposing their personal data.
The targeted individuals mainly had backgrounds in diplomacy, defense and security and were working toward Korean unification. At least 49 recipients fell for the phishing tricks, police said.
Police attribute the latest campaign to the North Korean advanced persistent threat actor Kimsuky, the same group they suspect hacked Korea Hydro and Nuclear Power in 2014. This APT is historically known to target think tanks and journalists around the globe.
Kimsuky, a state-sponsored APT also known as Thallium, Black Banshee and Velvet Chollima, has been active since 2012. North Korea allegedly leverages the APT to collect intelligence on foreign policy and national security issues related to the Korean Peninsula, and espionage has been its primary motive until now.
The police said this is the first time they have observed the group use ransomware and follow it with a ransom demand in exchange for decrypting the data.