North Korea-linked hackers are suspected of using manipulated email addresses from the South Korean government in carrying out cyberattacks to steal user information, according to cybersecurity firm ESTsecurity.
ESTsecurity detected a cyberattack on Tuesday using a manipulated email address from the Ministry of Unification and another one on Thursday using an email from the state-run Korea Institute for National Unification.
The cybersecurity firm added that it traced the two incidents to a server previously used for other cyberattacks, including one against the Institute for National Security Strategy on June 18.
ESTsecurity suspects North Korea-linked hacking groups, such as Kimsuky and Thallium, to be responsible for the attacks.
Thallium often targets officials and journalists in the security and foreign relations sectors.
When users click the links sent by hackers, they would be asked to enter their email passwords, allowing hackers to steal the information.
The cyberattacks are the latest hacking incidents suspected of being done by North Korean groups.
Last month, hackers targeted the state-run nuclear research institute.
Original Source link