On Sunday (August 20), South Korean police reported that suspected North Korean hackers had targeted a joint US-South Korea military exercise taking place this week. The Ulchi Freedom Guardian summer exercises, scheduled to span 11 days, seek to improve the readiness of South Korean and US forces in responding to the evolving nuclear and missile threats posed by North Korea.
North Korea has consistently objected to these joint exercises, asserting that they are groundwork for an invasion by the US and South Korea. Researchers attributed the recent hacking incident to a North Korean group known as Kimsuky. The Gyeonggi Nambu Provincial Police Agency reported that the hackers' attack involved sending deceptive emails to South Korean contractors stationed at the South Korea-US combined exercise war simulation center.
The police agency emphasized that no classified military information was compromised during the breach. North Korea has previously denied involvement in cyberattacks. Kimsuky, the hacking group in question, has a well-documented history of using “spear-phishing” tactics, primarily involving emails, to deceive recipients into disclosing passwords or opening malicious attachments and links.
In a joint effort, South Korean police and the US military conducted a thorough investigation. Their findings definitively linked the IP address used in this hacking attempt to one that experts had previously identified in a 2014 breach against South Korea’s nuclear reactor operator. During that earlier incident, South Korea had openly accused North Korea of orchestrating the cyberattack.