North Korea engaged in its most aggressive cyberattacks yet last year, stealing a staggering 2 trillion won ($1.36 billion) in virtual assets. This record haul reflects a significant expansion in the scope of its hacking operations, which now target not only crypto platforms but also critical sectors like South Korea’s defense, information technology (IT), and software supply chains.
These alarming findings were recently unveiled in the annual cybersecurity threat and response report from South Korea’s National Intelligence Service (NIS), published by its National Cyber Security Center.
Among the primary targets were corporate software supply chains. North Korean hackers expertly exploited vulnerabilities within three domestic document management solutions. This allowed them to establish unauthorized administrator accounts and exfiltrate vast amounts of sensitive data, with reports indicating between 700 and 2.6 million leaked files, depending on the specific product targeted.
The report further detailed how Andariel, a notorious North Korean hacking group, infiltrated critical infrastructure networks. The group compromised an IT maintenance firm, which gave it control over more than 20 servers and enabled the theft of high-value materials, including confidential blueprints.
These sophisticated attacks highlight an evolving playbook of tactics, including the exploitation of open-source supply chain vulnerabilities. According to the report, hackers are also using deepfake video interviews to conceal their identities and secure positions at overseas IT firms, and using remote smartphone resets to disable critical security responses.
“The large-scale personal data leaks and government network paralysis incidents observed last year demonstrate unequivocally that cyberthreats can directly translate into physical damage,” the National Cyber Security Center said in a statement. “We are committed to responding preemptively to these evolving threats by leveraging artificial intelligence and cutting-edge new technologies to build a more resilient and trustworthy digital environment.”
jwc
