SEOUL, Nov. 21 (Yonhap) — A North Korean hacking group has stolen the email accounts of nearly 1,500 South Korean people, including dozens of government officials, this year after taking control of about 500 transit servers at home and abroad, the Korean National Police Agency (KNPA) said Tuesday.
The North’s hacking organization, identified as “Kimsuky,” was also found to have attempted to steal the victims’ virtual assets, as well as their personal information, IDs and passwords, the KNPA said, though the virtual asset theft attempts failed due to strict security procedures.
A total of 1,468 South Koreans, including 57 former and current government officials, had their email accounts stolen by Kimsuky in 2023, marking a nearly 30-fold increase from only 49 victims reported to the authorities last year.
Last year’s victims were mostly diplomacy and security experts, but Kimsuky has indiscriminately expanded the targets of its hacking attacks to the general public, the agency said, adding that 1,411 ordinary citizens, including company employees and self-employed people, suffered damage this year.
Kimsuky sent malicious emails to the victims under the assumed names of government organizations, reporters and research institutes after changing its IP address via 576 servers at home and abroad, the KNPA said. The hacking group then gained access to the victims’ attached documents, address directories and other data, though there were no confidential materials among the stolen information.
Notably, Kimsuky’s hacking method has become far more sophisticated, as some of the victims were induced by attached URLs to access fake websites imitating trustworthy organizations or portals, the agency noted.
The North’s hackers attempted to steal virtual assets from 19 of the victims by fraudulently accessing their virtual asset exchange accounts, but those attempts were not successful due to strict security procedures, the KNPA said.
The agency has also confirmed that Kimsuky has earned less than 1 million won (US$775) by secretly running a virtual asset mining program on 147 transit servers taken over through hacking.