Don't Miss

S. Korea raises cyber alert level amid signs of N. Korean hack attacks

January 25, 2016

By Kang Yoon-seung

SEOUL (Yonhap) — South Korea raised its cyber alert level following the influx of malicious e-mails presumed to have originated from North Korea amid a spike in cross-border tensions after Pyongyang tested a fourth nuclear device early this month, the government said Monday.

The country’s cyber alert was marked up one notch to “yellow” from the normal “blue,” the Ministry of Science, ICT, and Future Planning said. It said authorities detected an increase in e-mails that impersonate government organizations, including the presidential office and the foreign ministry, as well as Internet portal managers.

“North Korea has attempted cyber attacks previously to spark public anxiety and hostility against the government,” the ICT ministry said, adding that the latest series of e-mails could be part of North Korea’s broader provocations following what it claimed was a hydrogen bomb test on Jan. 6.

The government said the e-mails seem to be targeting people working in key infrastructure areas and their partner firms that can have considerable repercussions throughout the country’s web ecosystem. It urged South Koreans to install antivirus programs on their PCs and smartphones, and to refrain from opening suspicious e-mails.

Policymakers have asked local computer antivirus firms and system integration companies to be on guard against attacks and take steps to respond effectively to them.

Industry sources, in addition, said malicious code was also distributed online that aimed to penetrate the Samsung Group’s corporate messenger system. The code was distributed through the file dubbed mySingleMessenger.exe, which shares the same name as the install file for the messenger. Samsung is South Korea’s largest family-run conglomerate and includes Samsung Electronics Co., the world’s No. 1 smartphone vendor.

Observers speculated that North Korea could be behind the attack, as it shows the same pattern as Pyongyang’s alleged hack of Sony Pictures Entertainment Inc. in 2014 when the company planned to release “The Interview,” a movie with a plot about assassinating Kim Jong-un.

An official from Samsung SDS Co., which oversees the group’s information technology solutions, said the malicious code currently poses no imminent threat to the company, as the messenger is currently not in use. The official added no hacking attempts have been detected so far.

The latest development comes after state-run Korea Hydro & Nuclear Power Co. suffered a series of cyber attacks in December 2014 that was carried out by an anonymous anti-nuclear group. The group posted a series of documents and operating manuals for a number of South Korean nuclear reactors on the Internet.

South Korean investigators at the time concluded the attack is believed to have been caused by North Korean hackers, although Pyongyang denied involvement.