Security experts warn against malicious emails disguised as government documents

By Park Sae-jin Posted : July 4, 2018, 17:54 Updated : July 4, 2018, 17:54

[Iclickart]


SEOUL -- Security experts accused a hacking group Wednesday of launching a cyber attack with malicious emails disguised as a South Korean government document, targeting North Korea-related organizations, as the two Koreas are set to resume the reunions of separated families.

The attack coincided with a process to confirm the whereabouts of South Koreans wanted by their North Korean relatives for family reunions. The two Koreas agreed to hold reunions involving 100 families from each side from August 20-26 at the North's Mount Kumgang resort.

With a list of 200 candidates sent by North Korea, Red Cross officials are looking for relatives living in the South. The North Korean list included eight people in their 90s, 124 people in their 80s and 67 people in their 70s. The oldest person is a 93-year-old grandmother.

ESTsecurity, a Seoul-based security company, said in a statement on Wednesday that a hacking group known as "Geumseong121" is carrying out an advanced persistent threat (APT) attack using disguised emails.

"Sly, targeted attacks disguised as official government documents are being continuously witnessed," an ESTsecurity official was quoted as saying. The official added that some attacks contained code created in foreign languages such as Russian to add confusion.

ESTsecurity said emails used in the attack, codenamed "Operation. Mystery Egg", are hard to crack because they are protected by an HTML web file with a high level of security.

Security experts in Seoul believe Geumseong121 has been behind a series of cyberattacks in South Korea. In March, the group was found to have sent emails containing malicious code to cryptocurrency users.

The hacking group has sometimes used North Korean words in its written threats, and South Korean intelligence officials said earlier that North Korean hackers are suspected of having launched cyber attacks on South Korean virtual money exchanges.

Cyber experts at home and abroad insist the impoverished North has been desperate to secure foreign currencies due to tight international sanctions.