Close Menu
    DevStackTipsDevStackTips
    • Home
    • News & Updates
      1. Tech & Work
      2. View All

      CodeSOD: A Unique Way to Primary Key

      July 22, 2025

      BrowserStack launches Figma plugin for detecting accessibility issues in design phase

      July 22, 2025

      Parasoft brings agentic AI to service virtualization in latest release

      July 22, 2025

      Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

      July 21, 2025

      The best CRM software with email marketing in 2025: Expert tested and reviewed

      July 22, 2025

      This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

      July 22, 2025

      I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

      July 22, 2025

      8 ways I quickly leveled up my Linux skills – and you can too

      July 22, 2025
    • Development
      1. Algorithms & Data Structures
      2. Artificial Intelligence
      3. Back-End Development
      4. Databases
      5. Front-End Development
      6. Libraries & Frameworks
      7. Machine Learning
      8. Security
      9. Software Engineering
      10. Tools & IDEs
      11. Web Design
      12. Web Development
      13. Web Security
      14. Programming Languages
        • PHP
        • JavaScript
      Featured

      The Intersection of Agile and Accessibility – A Series on Designing for Everyone

      July 22, 2025
      Recent

      The Intersection of Agile and Accessibility – A Series on Designing for Everyone

      July 22, 2025

      Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

      July 22, 2025

      Execute Ping Commands and Get Back Structured Data in PHP

      July 22, 2025
    • Operating Systems
      1. Windows
      2. Linux
      3. macOS
      Featured

      A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

      July 22, 2025
      Recent

      A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

      July 22, 2025

      “I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

      July 22, 2025

      Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

      July 22, 2025
    • Learning Resources
      • Books
      • Cheatsheets
      • Tutorials & Guides
    Home»Development»North Korean Hackers Targeted Nearly 18,000 in Phishing Campaign During Martial Law Turmoil

    North Korean Hackers Targeted Nearly 18,000 in Phishing Campaign During Martial Law Turmoil

    April 16, 2025

    North Korea, South Korea, DPRK, Phishing, Martial Law

    North Korean hackers sent more than 120,000 phishing emails to nearly 18,000 individuals over a three-month campaign that impersonated South Korea’s Military Counterintelligence Command’s communication during the Martial Law turmoil, the National Police Agency said Wednesday.

    The campaign began in November 2024 and continued through January 2025, targeting professionals in the unification, defense, national security, and foreign affairs sectors. Police confirmed North Korea’s involvement through forensic analysis of the phishing infrastructure, IP addresses, and language patterns tied to past operations.

    “Our investigation has confirmed that North Korea was behind the emails distributed on Dec. 11, 2024, bearing the subject line, ‘Disclosure of Defense Counterintelligence Command Martial Law Documents,’” Kim Young-woon, head of the agency’s cyber terrorism unit, said during the press briefing. “Historically, North Korea would send hand-crafted emails impersonating analysts or experts, offering geopolitical forecasts or New Year’s speech analyses,” Kim said. “Now, they’ve automated the process, enabling mass distribution.”

    Authorities said at least 570 individuals clicked on the phishing bait and likely exposed sensitive data, including emails and contact lists.

    Recycled Infrastructure and Targeted Deception

    The hackers used 15 overseas servers rented through foreign providers and deployed custom-built malware capable of tracking real-time metrics. Investigators said the malware that looked to be an info-stealer monitored whether emails were opened, if users clicked on embedded links, and whether they submitted account credentials.

    North Korea reused servers previously identified in earlier state-backed cyberattacks. The infrastructure also showed evidence of searches for North Korean defector data and South Korean military information. Browser logs included North Korean dialects, strengthening attribution.

    Each phishing email mimicked government alerts or official communication. Subject lines included fake military documents, New Year’s policy analyses, and even invitations to concerts by South Korean celebrities. Others posed as tax refunds, horoscope readings, or health advisories.

    Deceptive Links Spread Under the Guise of Martial Law Deployment

    The emails directed users to spoofed login portals that closely resembled major South Korean web services like Naver, Kakao, and even Google. Domains included subtle misspellings or character swaps—such as googlauth.com, naver-auth.com, or baernin.com.

    Many email addresses appeared to come from government domains or closely resembled personal contacts. Spoofing methods included:

    • Adding terms like -news, -noreply, or -report to legitimate domains.

    • Mimicking friends’ or colleagues’ addresses with subtle variations (e.g., adding a single letter).

    • Using lookalike domain names with common misspellings (m as rn, or co.kr altered to co.kro.kr).

    Out of the 17,744 recipients, 120 individuals fell for the phishing attempt, entering their credentials and granting attackers access to inbox contents and stored contact information.

    Warnings to the Public

    The South Korean government urged the public to remain vigilant against phishing threats, especially those disguised as official communication. Authorities advised against opening unfamiliar emails, clicking suspicious links, or downloading unverified attachments.

    “Never input your ID or password without verifying the legitimacy of the request,” the police warned. “Look carefully at the email sender and website domain. Even minor differences can signal fraud.”

    Officials also recommended regularly reviewing account login histories and enabling multi-factor authentication wherever possible.

    A Coordinated, Persistent Threat

    The investigation showed that the phishing campaign was both well-organized and sustained, reflecting a broader pattern in North Korea’s cyber playbook. Previous incidents linked to Pyongyang include attacks on cryptocurrency platforms, espionage efforts targeting defense sectors, and global disinformation operations.

    South Korean authorities reiterated their readiness to respond decisively to any form of cyber aggression. The police pledged enhanced coordination with international partners and local cybersecurity agencies.

    “We are mobilizing our full law enforcement capability,” the Police chief said. “Cyberthreats, especially those linked to hostile nations, will be met with swift and strong responses.”

    Public Disclosure Justified

    Under South Korea’s Public Information Rules on Criminal Investigations, the case was disclosed to the media to help prevent similar attacks. The government cited two justifications:

    • The need to prevent recurrence by informing the public of phishing tactics.

    • The importance of limiting the spread of harm by raising awareness.

    This disclosure falls in line with past efforts to inform citizens of advanced cyber threats, particularly those involving national security and public institutions.

    Ongoing Investigations

    The investigation remains open as cybersecurity experts continue tracking North Korea’s infrastructure and tactics. South Korea’s Cyber Terror Response Division is working closely with the Korea Internet & Security Agency (KISA) and other international stakeholders.

    Police urged anyone who suspects they received a spoofed message to report it immediately to national authorities and avoid interacting with the email in any way.

    “Cybersecurity is a collective effort,” said the Police said. “Every report helps us build a stronger defense against these malicious campaigns.”

    Source: Read More

    Facebook Twitter Reddit Email Copy Link
    Previous ArticleFrom Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains
    Next Article New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks

    Related Posts

    Development

    GPT-5 is Coming: Revolutionizing Software Testing

    July 22, 2025
    Development

    Win the Accessibility Game: Combining AI with Human Judgment

    July 22, 2025
    Leave A Reply Cancel Reply

    For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

    Continue Reading

    Why data literacy is essential – and elusive – for business leaders in the AI age

    News & Updates

    Streamlining Date Queries with Laravel’s Shorthand Methods

    Development

    CVE-2025-38347 – F2FS Inline Data Corruption Denial of Service (DoS) Vulnerability

    Common Vulnerabilities and Exposures (CVEs)

    CVE-2025-6793 – Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Vulnerability

    Common Vulnerabilities and Exposures (CVEs)

    Highlights

    Using Manim For Making UI Animations

    April 11, 2025

    Animation makes things clearer, especially for designers and front-end developers working on UI, prototypes, or…

    FOSS Weekly #25.28: Xfce Customization, CoMaps, Disk Space Clean-up, Deprecated Commands and More

    July 10, 2025

    I appreciate FBC: Firebreak’s co-op friction fun, but I hope this Remedy game can evolve over time — Review in progress

    June 17, 2025

    PC shipments surge as Windows 11 adoption rises, but the trade war threatens momentum

    April 16, 2025
    © DevStackTips 2025. All rights reserved.
    • Contact
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.