Pyongyang faked popular South Korean website to steal data, says spy agency


South Korea’s spy agency said it detected signs that North Korean government-backed hackers were trying to steal personal details through a phishing website mimicking Naver, South Korea’s biggest website. — AP

SEOUL, South Korea: North Korea created a fake version of Naver, South Korea’s largest Internet portal, as part of a sophisticated phishing attack designed to harvest personal information, Seoul’s spy agency said on June 14.

One of South Korea’s biggest tech companies, Naver’s myriad services – including Google-like maps, financial services similar to Apple Pay, and popular blogs and chat forums – are used daily by many Koreans.

South Korea’s National Intelligence Service said Pyongyang had created a phishing site that replicated Naver’s main page, including its real-time news, trading and real estate sections.

The site, naverportal.com, was designed to hack South Koreans’ Naver IDs and passwords, giving Pyongyang access to valuable personal data, NIS added.

“As North Korea’s hacking attack methods against our people are becoming more sophisticated, we ask people to be extra vigilant,” NIS said in a statement, adding measures have been taken to block the phishing site from South Korean users.

“Please cease accessing it immediately if you spot a page that's not a standard Naver access domain URL,” it said.

North Korea has previously attempted to steal South Korean IDs and passwords by duplicating Naver’s log-in page but creating a fake portal was a new approach, the agency said.

“The North has upgraded its attack scheme in order to better extort private information,” it said.

“We are tracking the activities of the hacking group in cooperation with foreign agencies as the server is located overseas.”

Naver warned users to continue to exercise caution.

“We urge users to check if the address is the right one and pay extra attention when accessing Naver,” the company said.

‘Clumsy’ but effective

Experts said that, on close inspection, the fake Naver site appeared “clumsy” but was probably more than good enough to fool people who were not paying attention.

“By the nature of this kind of attack, South Koreans are at a disadvantage because we are on the receiving end,” Choi Gil-il, a former national security official, told AFP.

“We have to be constantly on guard to fend off cyber phishing.”

The Yonhap news agency reported that North Korea – possibly the state-backed hacker group Kimsuky – hacked into the intranet of the Seoul National University Hospital in May and stole personal information about more than 800,000 patients and workers.

According to Seoul, Tokyo and Washington, Pyongyang stole as much as US$1.7 billion in cryptocurrency last year alone and supported its weapons programmes in part by gathering information through “malicious cyber activities”.

Seoul's foreign ministry also announced Wednesday it had decided to strengthen its collaboration with Mandiant, an American cybersecurity firm and Google subsidiary, to better respond to North Korea’s cyber activities.

“North Korea is carrying out omnidirectional cyberattacks, such as theft of cryptocurrency and hacking of sensitive information, all over the world,” the ministry said in a statement.

That activity “not only causes property damage to innocent individuals and companies, but also poses a serious threat to the global IT ecosystem as a whole”, it said. – AFP

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Japan's antitrust watchdog to find Google violated law in search case, Nikkei reports
Is tech industry already on cusp of artificial intelligence slowdown?
What does watching all those videos do to kids' brains?
How the Swedish Dungeons & Dragons inspired 'Helldivers 2'
'The Mind Twisting Quadroids' review: Help needed conquering the galaxy
Albania bans TikTok for a year after killing of teenager
As TikTok runs out of options in the US, this billionaire has a plan to save it
Google offers to loosen search deals in US antitrust case remedy
Is Bluesky the new Twitter for teachers in the US?
'Metaphor: ReFantazio', 'Dragon Age', 'Astro Bot' and an indie wave lead the top video games of 2024

Others Also Read