Posted on August 20, 2023 at 6:37 AM

North Korean Hackers Run Unsuccessful Hacking Campaign To Infiltrate Joint US-South Korea Military Drills

Hackers based in North Korea conducted an unsuccessful campaign to access information on a joint military drill operation by the US and South Korean military forces. The military drills will commence on Monday, explaining why South Korean hackers are trying to obtain access to the activity.

North Korean hackers Target US-South Korean Military drills

The North Korean threat actors failed to obtain classified information after the hacking campaigns. Malicious emails were sent from the suspected North Korean hackers in April 2022. The emails were directed to employees based in a firm conducting joint military drills.

The hacking campaign was confirmed by the Gyeonggi Nambu Provincial Police, who concluded that the hacking attack was unsuccessful. The hacking campaign also appears to have started earlier this year. At the time, hackers managed to seize an account belonging to an employee before installing a code.

There is no evidence that the North Korean hackers obtained sensitive information in this hacking campaign. The attempts by the hackers to secure any military data were not successful. However, a statement from the South Korean police noted that the campaign might have affected some personal computers.

The South Korean police said the hacking campaign was attributed to a North Korean hacker group, Kimsuky. The group is known to have used the same techniques as the ones used in this hacking campaign.

The Kimsuky threat actor group collects intelligence on various activities, such as foreign policy and national security issues on the Korean Peninsula. The actions of this hacker group have previously been flagged by the Cybersecurity and Infrastructure Security Agency (CISA).

Joint US-South Korea military details

The Ulchi Freedom Shield exercises will happen over 11 days. The activities will prepare the responses that will address different kinds of threats. The process will include computer-simulation exercises, field drills, and civilian defense practice.

However, since the joint military drills were announced, there has been a heightened risk of hacking attacks caused by North Korean hackers. The South Korean police and US authorities are investigating several emails sent by a sender that falsely claimed to represent the US military.

The malicious emails were sent to South Korean employees working at the US Armed Forces in July. The emails were sent in July as the joint military drill exercise nears. The campaigns align with the efforts of North Korea to prevent the exercise from happening.

For years, North Korea has asserted that joint military drills are a preparation for invasion. The Kim Jong Un administration has heightened provocations against South Korea as the military drills exercise nears.

North Korean state-sponsored hackers have been busy launching hacking campaigns targeting adversaries. The activities of these hacker groups include getting the necessary funding for the weapons program and phishing campaigns. The hackers also seek to collect essential information that is helpful to Pyongyang.

The military drills these South Korean hackers conducted came after the leaders in Japan, South Korea, and the US participated in a landmark summit at Camp David’s presidential retreat. During the retreat, the leaders agreed on the measures to be taken to defend themselves against the threats of nuclear and missiles posed by North Korea.

The three countries’ leaders also agreed to share information on any missile launches while increasing joint military exercises. A South Korean spy agency noted that Pyongyang seemed ready to test intercontinental ballistic missiles and smaller missiles to deploy nuclear weapons.

North Korea has already started firing ballistic missiles in provocation. The country fired 24 ballistic missiles in 2023 alone. In 2022, the Kim Jong Un administration launched over 70 ballistic missiles.

North Korean state-sponsored hackers have been stealing cryptocurrencies to fund the missile program. In 2023 alone, these hackers have stolen around $200 million worth of cryptocurrencies, per a recent report by TRM Labs. Reports by South Korea and the US have accused North Korea of using hackers to fund the weapons program.

The US and South Korea believe that the hackers are paid heavily for these hacking campaigns. The hackers make as high as $300,000 annually and often operate remotely using freelance platforms using false or stolen identities. In 2022, North Korean hackers stole around $1.7 billion worth of cryptocurrencies, according to a report by Chainalysis.