© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

North Korea exploited tragedy in Seoul to spread malware, says Google


North Korean-backed hackers used the deadly Halloween crush in the South Korean capital to distribute malware in the neighboring state, according to Google.

The hackers planted malicious software in Microsoft Office documents disguised to look like a South Korean government report on the Halloween crush, Google’s anti-hacking unit, the Threat Analysis Group, said in a report released on December 7.

Google experts attributed this activity to a group of North Korean threat actors known as APT37. According to the unit, these malicious documents exploited an Internet Explorer zero-day vulnerability in the JavaScript engine.

The document, titled “221031 Seoul Yongsan Itaewon accident response situation (06:00).docx”, references the tragic incident in Seoul on October 29, when thousands of Halloween revelers packed into a narrow alleyway in the nightlife district of Itaewon and 158 people died.

"This incident was widely reported on, and the lure takes advantage of widespread public interest in the accident," the Threat Analysis Group said.

The company quickly informed Microsoft about this specific zero-day, so called because it is a flaw that a system's owner has had no time to fix before it is exposed. Patches were released after around a week to fix the issue and protect users from these attacks.

Google also admitted it had not determined what the malware was intended to achieve. However, North Korean hackers, specifically the APT37 group, usually target users in the neighboring country, defectors from the Pyongyang regime, policy makers, journalists, and human rights activists.

A UN panel that monitors sanctions on North Korea has accused Pyongyang of using funds stolen through hacking to support its nuclear and ballistic missile programmes and circumvent sanctions.

“Investigations show that the country’s cyber activity continued, with two major hacks in 2022, at least one of them attributed to Democratic People’s Republic of Korea actors, resulting in the theft of crypto assets worth hundreds of millions of US dollars,” the UN’s midterm report said in September.

Pyongyang does not typically provide comments to independent media, but it has previously released statements denying allegations of hacking. Yet, on December 8, South Korean officials warned businesses against inadvertently hiring IT staff from North Korea.

Cybernews reported at the end of October that North Korea’s cyber heists have totaled more than $1 billion over the past two years. According to experts, the country is too poor to finance missile tests through traditional budgetary means – instead funding its program through crypto theft.

Experts are warning that the problem is likely only to get worse over the decade, as crypto exchanges are increasingly decentralized and more goods and services – legal and illicit – are made available for purchase with digital currency.

The concern is that North Korean hackers can now exploit new vulnerabilities in the latest blockchain technologies almost as quickly as they arise.

