DMZ | Flickr - Photo Sharing!
According to Kaspersky Labs, this is the first time a hack can be attributed to a North Korean agency.

A series of hacks targeting South Korean think tanks, as well as the website for the country’s Ministry of Unification, has been traced to North Korea.

According to Kaspersky Labs, a Russian security firm, this is the first time a hack can be attributed to a North Korean agency.

The hacking campaign, called “Kimsuky,” is “limited and highly targeted,” Kaspersky said in a blog post.  The hackers targeted 11 organizations based in South Korea and two entities in China. They included the Sejong Institute, the Korea Institute For Defense Analysis, Hyundai Merchant Marine, and the Supporters of Korean Unification.

The Kimsuky trojan enables keystroke logging, directory listing collection, remote control access, and HWP document theft. The attackers are reportedly using a modified version of the TeamViewer remote access application as a backdoor to hijack files from any machines they are able to infect.

In addition to the targets, which include governmental departments and other organizations devoted to the reunification of the two Koreas, the North Korean origin of the malware and hackers can be inferred, according to Kaspersky, from the fact that the compilation path string contains Korean words and that two email addresses used by bots (to send reports on status and transmit infected system information via attachments) are registered with names that indicate a North Korean origin. Also, the 10 source IP addresses of the hackers come from the Chinese provinces that lie along the North Korean border.

Although it is not certain, it is believed that the initial infections were accomplished through spearphishing attacks.

H/T Guardian | Photo by Dan/Flickr

Promoted Stories Powered by Sharethrough
News
Amtrak train smashes truck carrying a lifetime supply of bacon
An Amtrak train carrying 203 passengers collided on Friday afternoon with a truck hauling tens of thousands of pounds of bacon. There were no immediate reports of injuries.
north korea
Anonymous vows to turn over North Korean military secrets to WikiLeaks
South Korean hackers with reported ties to Anonymous have released details regarding 13 North Korean “cadres,” or high-level operatives, according to Daily NK.
The Latest From Daily Dot Video
Group

Pure, uncut internet. Straight to your inbox.

Thanks for subscribing to our newsletter!