Summary of article contents
Disguised as the contents of the February issue of the major journal on inter-Korean relations
East Security: email account hijacking attack

▲ Hacking attack email screen disguised as the Ministry of Unification's major journal on inter-Korean relations.

[Seoul = News] Reporter Jinyoung Lee = East Security announced on the 18th that hacking attacks disguised as the contents of the February issue of the Ministry of Unification's major journal on inter-Korean relations are being discovered one after another, and that special attention is required.
This attack was cleverly disguised as the major journal on inter-Korean relations sent by the Ministry of Unification, targeted experts and workers in the North Korea field, and turned out to be aimed at stealing e-mail accounts.
Parts of the Ministry of Unification's screen design were copied to make the message look like normal content, and a file named inter-Korean Relations_Main Journal.hwp was shown at the bottom of the text as if it were attached.
According to the analysis of the East Security Security Response Center (ESRC), a number of similar cases using this method were already caught from 2020 to last year.
There are constant reports of recipients being misled with content related to North Korea, such as the Ministry of Unification's trends in North Korea or the Korea Institute for National Unification's prospects for the situation on the Korean Peninsula.
To avoid arousing the suspicion of e-mail recipients, the hacking attack manipulates the source address so that it exactly matches the official addresses of the Ministry of Unification, the Korea Institute for National Unification, and the National Security Strategy Institute. Inadvertent access to the file may lead to unexpected hacking damage.
According to ESRC's analysis results, the attack discovered this time may look like a typical spear phishing attack that induces users to open a malicious HWP document file attached to the body of an email. It is an attack for the purpose of stealing.
If you click the attached file link, the email recipient's portal account password input screen appears instead of the document being delivered immediately.
In addition, if the password is leaked, it is difficult to rule out secret and continuous leakage of personal information, as well as the risk of the victim becoming a secondary perpetrator, for example when an attacker steals the victim's account and uses it to approach the victim's acquaintances.
If you enter your password, the attack uses a trick to keep you from recognizing the hacking damage: it leaks the account information and shows a normal document at the same time.
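The lure described above, a link whose visible text is a document file name but which leads to a web page while the message carries no such attachment, can be checked mechanically even when the sender address is forged perfectly. The following Python is an added example, not code from East Security or from this article; the sample message, its addresses and hosts are constructed placeholders, and the extension list is an assumption.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse
DOC_EXT = (".hwp", ".hwpx", ".doc", ".docx", ".pdf")  # assumed list of document-like names
# Constructed sample message; every address and host below is a placeholder.
SAMPLE = """\
From: "Ministry of Unification" <notice@ministry.example>
To: analyst@portal.example
Subject: Major journal of inter-Korean relations, February issue
Content-Type: text/html; charset="utf-8"

<html><body><p>February issue contents ...</p>
<a href="https://login.portal-check.example/view?doc=1">inter-Korean Relations_Main Journal.hwp</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def fake_attachment_links(raw_message):
    """Return (text, host) for links that name a document but point at a web
    host, when no real attachment with that file name is in the message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    real = {(p.get_filename() or "").lower() for p in msg.iter_attachments()}
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    parser = LinkCollector()
    parser.feed(body.get_content())
    hits = []
    for href, text in parser.links:
        host = urlparse(href).hostname
        if host and text.lower().endswith(DOC_EXT) and text.lower() not in real:
            hits.append((text, host))
    return hits
```

A hit is a reason to quarantine or inspect the message, not proof of phishing, since some legitimate senders link to hosted documents in the same way.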
ESRC Center Director Moon Jong-hyeon said that this is a time when tight cyber security reinforcement efforts are needed, as the number of North Korea-linked cyber threats impersonating specific domestic institutions or private-sector services is increasing. He called for the establishment of a closer and more organic cooperative system.
Meanwhile, East Security is maintaining cooperation to prevent the spread of known threats by closely sharing the related cyber threat information with relevant authorities such as the Korea Internet & Security Agency.