Virus-Stricken Korea Under Malware Attack
Users working from home or visiting illegal download sites are more vulnerable to malicious emails and ransomware
[Photo: UNSPLASH]

By Park Jun-young, WIRED Korea

South Korea is under siege not just by a coronavirus epidemic, officially called COVID-19. It is also under attack from computer viruses and their ilk, as North Korean hackers are using fears about the rapid spread of the COVID-19 epidemic in their legitimate-looking emails that are spreading malware.

South Korean cybersecurity companies are warning that North Korean hackers are on a renewed offensive against South Korean corporations and public organizations, exploiting phishing, spamming, ransomware and other types of malware.

Among the security companies is AhnLab, which says that attackers, impersonating South Korean corporations and government agencies, are randomly sending out emails to collect personal information, such as usernames, passwords and credit card details.

One case in point is an invoice that was delivered by an email entitled “delivery information,” which instructed the receiver to visit the post office in his residential district after reading the attached file.

When the attached file was clicked, AhnLab said, it would send information regarding the username, user activity on the computer and the computer’s operating system and other programs.

Another case involved an emailed curriculum vitae, which had a PDF file icon, a device intended to put potentially suspicious victims at ease. Yet opening the CV email had the same effect as clicking the attached file of the invoice email.

What users need to do is take the usual precautions for cybersecurity, as AhnLab recommends.

“We expect attackers will attempt to deceive individual and corporate users by emailing bogus documents and others that may attract their attention,” says Yang Ha-young, a senior analyst at AhnLab. “Users will have to follow the basic cybersecurity guideline – confirming the identity of the email sender before opening the email, avoiding clicking the attached file of a suspicious email and installing software updates for security.”

Even more ominous is the suspicion that North Korean hackers, posing as senior South Korean government officials and research institutes funded by the South Korean government, are sending malicious emails to South Koreans, many of them working at organizations promoting international exchanges.

In the past, they have been accused of engaging in money theft and laundering. One of the latest cases involved North Korea and its Chinese collaborators. They stole $250 million in cryptocurrency in 2018, as was recently reported by WIRED UK.

“The hacking of virtual currency exchanges and related money laundering for the benefit of North Korean actors poses a grave threat to the security and integrity of the global financial system,” U.S. Attorney Timothy Shea was quoted as saying in the WIRED UK report.

Prominent among North Korean hackers is a team called Kimsuky, which has come back with emails containing malicious code, this time targeting South Koreans for their personal information, says a group of analysts affiliated with a Seoul-based cybersecurity company, ESTsecurity.

The ESTsecurity Security Response Center, also known as ESRC, says that Kimsuky disguises itself as a high-ranking South Korean government official or a government-funded research institute working on North Korean affairs when it emails fake COVID-19 documents to South Korean corporations, public organizations and their employees.

The emails, ESRC says, are written in perfect Korean and in the format of HWP, a word processing program officially used by the South Korean government. One of them is titled “A Conference on the Prevention of COVID-19.”

South Korean managers and employees are more likely to open suspicious emails than before as many of them are now working from home and getting access to the corporate servers from outside because of the coronavirus outbreak, says Moon Jong-hyun, director of ESRC.

A corporate server accessed via a virtual private network (VPN) is more vulnerable to malware attack, as the VPN extends a private network across a public network.

“Those working from home need to take extra care about emails from outside and their attached files, as they are linked to their corporate networks via VPN,” he says.

Security experts also warn against ransomware, which targets those attempting to download content in violation of copyrights. Ransomware attacks, they say, are on the rise as more people stay home because of COVID-19 and visit illegal download sites.

When they push the download button on an illegal download site, ransomware is likely to direct users to websites with malware-laden advertisements and then to a page containing exploit kits, such as “Magnitude,” which McAfee says is “known to infect users with a range of ransomware with a focus on users in South Korea.”

Security experts say users may be infected with Magniber ransomware when they visit compromised websites using Internet Explorer with no security patch installed.

To fend off ransomware, an AhnLab official says it is necessary to download nothing but legitimate content and periodically install security patches on internet browsers.