South Korean police announced – today, Sunday – that North Korean hackers have tried to hack into the accounts of South Korean personnel working in the joint military exercises that will start tomorrow, Monday, between Seoul and Washington.
The Gyeonggi-Nampo Provincial Police Department said – in a statement – that the hackers are believed to be linked to a North Korean group that the researchers call “Kimsuke”, adding that they carried out the hack through emails to South Korean contractors working at the Joint War Simulation Center between South Korea and the United States. .
In its statement, the police added, “It has been confirmed that information related to the army has not been stolen.”
Summer exercises
On Monday, South Korean and US forces will begin summer exercises called “Ulchi Freedom Shield”, which will last for 11 days and aim to improve the ability to respond to North Korea’s missile and nuclear threats.
And the South Korean Yonhap News Agency stated that this exercise, which is based on an all-out war scenario, is scheduled to take place from Monday to August 31, and includes various emergency exercises, such as computer simulation-based command site exercises, simultaneous field training and Olshi training. for civil defence.
An official in the Joint Chiefs of Staff said that about 30 field exercises are scheduled to take place between the two allies during the exercise period, compared to 25 exercises during the “Freedom Shield” exercise that took place in the spring of this year, and 13 exercises during the “Olshi Freedom Shield” last year.
Pyongyang objects to such exercises, saying they are preparations by the United States and its ally South Korea for an invasion.
Messages and goals
The researchers stated that Kimsuki hackers have long used email messages and spam scams that trick targets into giving passwords or clicking on attachments or links that carry malware.
South Korean police said they and the US military conducted a joint investigation and found that the Internet Protocol address used in the hacking attempt matched one identified in a 2014 hack against the operator of a South Korean nuclear reactor.
At the time, Seoul accused its neighbor, Pyongyang, of being behind the cyberattack.
It is noteworthy that in 2020, the US Agency for Cybersecurity and Infrastructure Security said that “it is possible that the Kimsuki Group was assigned by the North Korean regime to carry out global intelligence missions.”
The Federal Agency added that this group – apparently active since 2012 – targets individuals and organizations in South Korea, Japan and the United States, and focuses its attacks on issues related to foreign policy and national security on the Korean Peninsula, as well as nuclear policy and international sanctions.
