North Korean Hackers Target Joint Military Exercise Amid Rising Tensions
Attacks Coincide With Ulchi Freedom Drills

Overt Operator
August 21, 2023
In a move that underscores rising tensions on the Korean peninsula, suspected North Korean hackers have launched an attack targeting a major joint military exercise scheduled to commence on Monday, according to South Korean police sources.
The annual Ulchi Freedom Shield drills, set to run from Monday through August 31, are a collaborative effort between South Korea and the United States. The exercises aim to counter the escalating threats posed by North Korea, a nation equipped with nuclear capabilities.
Pyongyang has long considered such joint military drills a rehearsal for a potential invasion. The North Korean government has repeatedly warned that it would respond with "overwhelming" action should it perceive the drills as a provocative gesture.
The perpetrators behind this cyberattack are believed to be linked to a North Korean hacking group known as Kimsuky. Their method involved launching "continuous malicious email attacks" directed at South Korean contractors associated with the allies' combined exercise war simulation center, the Gyeonggi Nambu Provincial Police Agency revealed in a statement released on Sunday.
A subsequent police investigation yielded a definitive result: "Police investigation confirms that North Korean hacking group was responsible for the attack," the statement read, reassuring the public that military-related information remained uncompromised.
Further collaboration between the police and the US military revealed that the IP address used in the attack was strikingly similar to one previously associated with a 2014 cyberattack. This earlier incident targeted South Korea's nuclear reactor operator and was attributed to the same Kimsuky hacking group. These findings establish a clear pattern of cyber-espionage tactics employed by the group over the years.
Kimsuky, notorious for its "spearphishing" tactics, embeds malicious attachments in emails to exfiltrate the information it is after. A 2020 report by the US Cybersecurity and Infrastructure Security Agency asserts that Kimsuky is likely acting under the direction of the North Korean regime as part of a comprehensive global intelligence-gathering mission.
Since its emergence in 2012, the Kimsuky group has persistently targeted individuals and institutions across South Korea, Japan, and the United States. Their focus centers on foreign policy and national security matters relating to the Korean peninsula, including nuclear policy and sanctions.