Advertisement

North Korea threat actor hacked South Korean site, researchers say

North Korea threat actor hacked South Korean site, researchers say
Malware that was used to attack a South Korean news site covering North Korea has been traced to a group with connections to North Korean cyber espionage, U.S. researchers said this week. File Photo by Andrew Wong/UPI | License Photo

Aug. 20 (UPI) -- A South Korean media organization specializing in North Korea news may have been hacked, according to a U.S. cybersecurity solutions provider.

Volexity said in a blog post this week on its proprietary website that Daily NK, a news site that has received funding for its reporting from the U.S. National Endowment for Democracy, was hacked from March to June, South Korean network YTN reported Friday.

Advertisement

Researchers Damien Cash, Josh Grunzweig, Matthew Meltzer, Steven Adair, and Thomas Lancaster said in their analysis that Daily NK was the target of a "strategic web compromise" that included the planting of malicious codes.

The threat actor was identified as "InkySquid." The group also could be suspected North Korean cyber espionage group, APT37.

RELATED Suspects in North Korea espionage case to be turned over to prosecution

APT 37 is believed to have been active since at least 2012, when Kim Jong Un fully assumed power in North Korea. The group has hacked systems in South Korea, Japan, Vietnam, Kuwait and other parts of the Middle East, according to reports.

The threat actor used malware called BLUELIGHT that exploits vulnerabilities in the Microsoft Internet Explorer browser, researchers said.

"In April 2021, through its network security monitoring on a customer network, Volexity identified suspicious code being loaded via" the Daily NK site, the analysis read.

Advertisement
RELATED North Korea holds conference on technology, construction

"These URLs lead to legitimate files used as part of the normal function of the Daily NK website; however, their contents were modified by the attacker to include code redirecting users to load malicious JavaScript."

Researchers said that security patches for Internet Explorer could protect browser users from the malware.

Daily NK issued a response Friday, stating the company has responded to the security threats and that the malicious code has been scrubbed.

RELATED South Korean parliamentary committee passes 'fake news' law despite objections

"So far, no damage has been reported among employees or readers," the company said.

Latest Headlines

Advertisement
Advertisement

Follow Us

Advertisement