S. Korean police blame N. Korea for fake martial law emails

A North Korean hacking group attempted to steal personal information by sending phishing emails disguised as military documents in the wake of South Korea’s Dec. 3 martial law controversy, police said Monday.

South Korea’s National Office of Investigation said the group sent 126,266 phishing emails to 17,744 recipients between November and January. The emails included fake content such as daily horoscopes, New Year’s address analyses, political forecasts and concert ticket giveaways. One version falsely claimed to contain classified documents from the Defense Counterintelligence Command.

To distribute the emails, the hackers rented 15 South Korean servers and used automated tools that tracked whether recipients opened the emails, clicked phishing links or entered sensitive information. Targets included officials and researchers in national security, unification, defense and diplomacy, as well as journalists — some of whom had been targeted in previous North Korean cyberattacks.

Investigators said the same servers had been used in earlier attacks linked to North Korea. The emails’ IP addresses traced to the border region between China’s Liaoning province and North Korea. Server logs also contained evidence of North Korean-style vocabulary.

“Do not open attachments or click on links in unsolicited emails,” a police official said. “Enabling two-factor authentication and regularly updating passwords can help prevent damage.”


이상환기자 payback@donga.com