Attackers Accessed Details of State Visits to UK, France in Private Email Account
South Korea has accused North Korean hackers of breaching an administrator’s email account in the Office of the President to access information about the president’s communications and overseas trips.
The President’s Office told local media in a press communique Tuesday that suspected North Korean threat actors had targeted the private email account of an official in November ahead of the president’s state visits to the U.K. and France.
The unnamed official flouted cybersecurity norms by using his private email address for official work, the President’s Office said. “We detected the incident in advance before the start of the tour and took necessary measures,” it told the Yonhap news agency. “The President’s Office security system was not hacked.”
The administrator working in the President’s Office used both work and commercial email accounts to prepare for the president’s overseas trips, making it likely that the private email account stored confidential information related to President Yoon Suk-Yeol’s official activities.
Korean news agency Kukmin Ilbo said North Korean actors had gained access to the administrator’s Naver email account and accessed the schedule and details about the president’s official trips, along with details of specific events.
An official from the President’s Office told the news agency that firewalls inside the President’s Office prevent employees from accessing external emails, but staff accompanying the president on overseas trips use secure laptops and USBs that are not protected by the firewall.
“There is a possibility that he may have suffered hacking damage after saving the Presidential Office data he created in an external email and sending it,” the official said. The administrator is reportedly facing disciplinary proceedings.
Opposition party leader Yoon Geon-young, who serves as the opposition secretary on the National Assembly Intelligence Committee, said he will urge the committee to investigate the cybersecurity incident.
“It is absurd that the detailed schedule of the president’s trip, messages, etc., were stolen through this hacking,” Yoon said. “The most coveted hacking target, not only by North Korea but by any hacking force, would be the Presidential Office, which is the heart of the Republic of Korea. But does it make sense that email, which is the basis of security, is being hacked?”
The announcement about the security incident follows President Yoon’s warning that North Korea may interfere with the upcoming legislative elections either to influence the outcome or to create social chaos through disinformation (see: South Korean President Expects North Korea Election Meddling).
South Korea’s National Intelligence Service warned on Feb. 5 that an “unknown hacker organization” had obtained the personal information of government and public officials and distributed the information on Telegram and the dark web.
“This time, about 13,000 private service accounts were infected with malicious code and leaked to the dark web, and the National Intelligence Service provided related facts and information to the relevant agencies so that they could take prompt action to prevent additional damage at the agency level,” NIS said in the alert notice.
The agency said that the hackers had used information-stealing malware to obtain sensitive details, such as login IDs and passwords, from hacked devices. “To prevent damage from hacking, you should refrain from using the automatic ID/password save function and absolutely refrain from installing questionable software,” the agency said.