N. Korean Hackers Attack S. Korean Agencies
Tia Anderson, Nov. 30, 2018, 9:12 a.m.
Four North Korean hacking groups continue to attack South Korean companies, public corporations and financial institutions despite the rapprochement between the two Koreas.
Global cybersecurity firm FireEye said the fingerprints of major North Korean hacking groups have been found in the network servers of major companies, and financial, government and public agencies in the South, the latest as recently as Nov. 8.
The groups are Lazarus, TEMP.Hermit, Advanced Persistent Threat (APT) 38, and APT 37. Each group performed a different mission using a different hacking program. Eric Hoh at FireEye's Asia Pacific division warned the attacks are becoming more sophisticated.
APT 37 has targeted the South Korean government and military, while APT 38 tried several times to steal money from South Korean banks from January until May and resumed activities early this month.
TEMP.Hermit spread malware in defense companies and energy agencies in the April-September period, while Lazarus focused on planting malware in major road and power generation agencies.
Several foreign hacking groups, including two from China, two from Russia and one from Iran, are also active in South Korea. Chinese hacking groups dubbed Tonto Team and others have concentrated on attacking the South Korean government and public agencies.
FireEye is a California-based company that develops and provides cybersecurity programs for corporations and public agencies, including about half the companies on Forbes' Global 2000 list. It detected the latest attacks in the process of analyzing the networks of companies and agencies that use its programs.