North Korea threat actor hacked South Korean site, researchers say

Aug. 20 (UPI) -- A South Korean media organization specializing in North Korea news may have been hacked, according to a U.S. cybersecurity solutions provider.

Volexity said in a blog post this week on its proprietary website that Daily NK, a news site that has received funding for its reporting from the U.S. National Endowment for Democracy, was hacked from March to June, South Korean network YTN reported Friday.

Researchers Damien Cash, Josh Grunzweig, Matthew Meltzer, Steven Adair, and Thomas Lancaster said in their analysis that Daily NK was the target of a "strategic web compromise" that included the planting of malicious codes.

The threat actor was identified as "InkySquid." The group also could be suspected North Korean cyber espionage group, APT37.

APT 37 is believed to have been active since at least 2012, when Kim Jong Un fully assumed power in North Korea. The group has hacked systems in South Korea, Japan, Vietnam, Kuwait and other parts of the Middle East, according to reports.

The threat actor used malware called BLUELIGHT that exploits vulnerabilities in the Microsoft Internet Explorer browser, researchers said.

"In April 2021, through its network security monitoring on a customer network, Volexity identified suspicious code being loaded via" the Daily NK site, the analysis read.

"These URLs lead to legitimate files used as part of the normal function of the Daily NK website; however, their contents were modified by the attacker to include code redirecting users to load malicious JavaScript."

Researchers said that security patches for Internet Explorer could protect browser users from the malware.

Daily NK issued a response Friday, stating the company has responded to the security threats and that the malicious code has been scrubbed.

"So far, no damage has been reported among employees or readers," the company said.