North Korea linked to cyberattack disguised as Covid-19 vaccine registration site

The cyberattack came less than a week after North Korea conducted its most powerful intercontinental ballistic missile test to date. PHOTO: REUTERS
Updated
Apr 02, 2022, 12:48 PM
Published
Apr 02, 2022, 11:35 AM

SEOUL (NYTIMES) - Hackers linked to North Korea were suspected of carrying out a cyberattack on South Koreans through emails disguised as official messages sent from a medical journal calling on recipients to book appointments for a new coronavirus vaccine, a South Korean cybersecurity company said in a statement on Friday (April 1).

The cyberattack, which came less than a week after North Korea conducted its most powerful intercontinental ballistic missile test to date, was sent from an email address belonging to the Korean Society for Health Promotion and Disease Prevention, the company said. This was possible because the hackers had infiltrated the medical journal's server and email account in what the company, ESTsecurity, called a phishing attack.

"We have confirmed that the camouflage methods and tactical commands used to steal the account exactly matched the other cases of cyberattacks linked to North Korea," the company said, adding that the email's header contained a code found in previous attacks that analysts have linked to North Korea.

Previously, North Korean hackers have used cyberattacks on governments, companies and financial institutions to steal information and millions of dollars to fund their own government. ESTsecurity has also attributed to North Korea similar phishing attacks sent from email addresses belonging to agencies such as the Ministry of Defense and the Ministry of Unification.

The latest email attack targeted mostly South Koreans working in fields dealing with North Korea, the company said, and appeared to be designed to trick the recipients into providing personal information to the hackers by making them believe they were registering for the new vaccine.

A screenshot of the email included in ESTsecurity's statement showed language advertising "the newest Covid-19 vaccine," information on when it would be available to "purchase" and a link that the company said was disguised as a vaccine registration site.

"On March 25, 2022, the vaccine was researched and developed by the N.I.H., a national medical research institute under the US Department of Health and Human Services," the email said, adding that the new vaccine was effective for people ages 65 and older against new variants, including Delta and Omicron. The emails were sent on Tuesday.

More On This Topic
South Korea says North faked launch of so-called 'monster' missile
North Korean hackers stole $538m in cryptocurrency in 2021: Report

Join ST's Telegram channel and get the latest breaking news delivered to you.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top