The South Korean government on Monday issued a cyberthreat warning, accusing North Korea of sending malicious code in phishing attacks to websites and the email accounts of workers at government ministries, ecommerce sites, and private sector businesses.
South Korea's Ministry of Science, ICT and Future Planning said North Korea sent a barrage of phishing attacks to email accounts at a slew of public institutions and private sector companies, including the Ministry of Foreign Affairs, the Unification Ministry and infrastructure-related agencies, as well as private sector partners.
The ministry raised its cyberthreat advisory level one notch from five to four, in a five-step ranking system of increasing danger, one being the highest.
Samsung Group's company-wide messenger app, My Single Messenger, was also targeted by this recent uptick in phishing attacks, according to local media reports on Tuesday. My Single Messenger is the chat app used on Samsung's intranet, My Single.
Recipients of the fake email were asked either to reinstall or download a chat app file called mysinglemessenger.exe, or to upgrade their word processing program.
Phishing attacks are often the first step in an Advanced Persistent Threat (APT) attack, which is usually used to steal data rather than to cripple a company's IT system. Reports indicated Samsung Group discovered the malicious code before damage could take place.
"No malicious code has been detected nor is there any reported damage. We are conducting additional internal investigation to ensure security," a Samsung spokesperson said.
North Korea was blamed by South Korea and the US for the Sony Pictures hack in November 2014, which forced the company to pull its film, The Interview, from theatrical release. But conclusive evidence that the country was indeed behind the attack remains to this day scant at best. That incident employed a phishing attack.
Many people in South Korea link the recent barrage of attacks with that one, even though phishing via fake email could be the single most common type of cyber attack. It is also next to impossible to trace an attack back to its originating Internet Protocol (IP) address, because the path from origin to targeted destination can be altered with a simple VPN that connects to a proxy server.
South Korea -- in particular its government offices and private sector groups, especially its financial and IT sectors -- is the target of massive quantities of malicious code and other cyber attacks. A report by the country's National Computing & Information Agency (NCIA) said over 114,000 cyber attacks targeted government offices from 2011 to June 2015.
In December 2014, the public sector Korea Hydro & Nuclear Power Company suffered a series of cyber attacks, followed by an anonymous anti-nuclear energy group posting on the net a series of documents and operating manuals for South Korean nuclear reactors.
Seoul's subway system was also hacked, an incident that reportedly took place in July 2013 but was not made public until October 2015.
North Korea could be behind these attacks; the Korean War ended in an armistice agreement and not a peace treaty. After 60 years, North and South Korea are technically still at war. South Korea won't know for sure who is behind this latest barrage of cyber-attacks, but uncertainty is the nature of the cyberthreat.