North Korean Hacking Group Steals Email Accounts of 1,500 South Koreans, Police Report

SEOUL - The Korean National Police Agency (KNPA) revealed on Tuesday that a North Korean hacking group, identified as "Kimsuky," has compromised the email accounts of nearly 1,500 South Koreans this year. The victims include dozens of government officials, with the group utilizing about 500 transit servers domestically and internationally to execute these cyber attacks.

According to Yonhap News Agency, Kimsuky's activities have not only targeted personal information, IDs, and passwords but also attempted to steal virtual assets from the victims. However, these attempts at virtual asset theft were thwarted by robust security measures.

The scale of Kimsuky's operations increased significantly in 2023, with 1,468 victims compared to only 49 reported last year. The 2023 victims comprise 57 former and current government officials and 1,411 ordinary citizens, including company employees and self-employed individuals. Last year, the victims were primarily diplomacy and security experts.

Kimsuky's methods involved sending malicious emails under the guise of government organizations, reporters, and research institutes, manipulating IP addresses through 576 servers. This allowed them access to attached documents and address directories of the victims, although no confidential materials were reported among the stolen data.

The sophistication of Kimsuky's hacking techniques has evolved, with some victims being directed to fake websites that mimic reputable organizations or portals. Despite attempts to infiltrate 19 victims' virtual asset exchange accounts, these endeavors were unsuccessful due to strict security protocols.

Furthermore, the KNPA discovered that Kimsuky managed to earn less than 1 million won (approximately US$775) by covertly running a virtual asset mining program on 147 compromised transit servers.
