SEOUL, Feb. 15 (UPI) -- Email messages sent from North Korea that were made to appear as if they were sent from the South Korean president's office have been flooding accounts, police said Monday.
Pyongyang has been targeting mostly South Korean employees specializing in North Korea affairs with spam messages, said Kang Sin-myeong, commissioner-general of the National Police Agency.
South Korean police were able to trace the Internet Protocol address to a location in the northeastern Chinese province of Liaoning, Yonhap reported.
Local newspaper Hankyoreh reported it was the same IP address that was identified in a previous cyberattack – when North Korea hacked into a South Korean nuclear operator in December 2014.
The attacks began in June 2015 and used 18 accounts that were created from a South Korean portal service. The messages instructed users to change their ID or password, or included a poll regarding the account holder's opinion on the North Korean nuclear issue.
Many emails, 759 in total, instructed the user to download a document that included malicious codes. Once downloaded, the code, nicknamed "Kimsuky" by hackers, could extract the ID and password of the user and gain access to documents on the user's computer, according to police.
The emails were targeting specific people, Kang said, as more than 87 percent of the recipients were working at think tanks or in education while specializing in North Korea affairs.
"Looking at the probe results, there is a trace of an intentional and deliberate targeting process that cannot be deemed as a coincidence," Kang said.
Police said the emails were found to be suspicious, when some words used in the message were expressions from the North Korean vernacular unfamiliar to the South Korean recipients.
South and North Koreans speak the same language, but more than 60 years of separation have led to differences in dialect.