Google has accused North Korean hackers of exploiting the fatal ‘Halloween crowd crush’ to distribute malicious software to internet users in South Korea.
The Halloween crush is a fatal event that occurred on October 29, 2022, where thousands of fun lovers crowded alleyways during Halloween festivities in the Itaewon neighbourhood of Seoul, South Korea. The crowd crush resulted in the death of at least 158 with no fewer than 196 people left injured.
Google’s Threat Analysis Group’s report, released on Wednesday, disclosed that the hackers had embedded the malware in Microsoft Office documents disguised as a South Korean government report on the tragic Halloween crush. It also says the hackers were backed by the North Korean government.
The tech giant’s anti-hacking group had tracked the activity to a group of North Korean government-backed hackers referred to as APT37. The group has a history of targeting South Korean users, North Korean defectors, policymakers, human rights activists and journalists.
Read also: How hackers hacked Uganda’s Airtel money
According to Google’s anti-hacking group, “This incident was widely reported on, and the lure takes advantage of widespread public interest in the accident.”
Google recalled that it had on October 31 reported a similar software vulnerability to Microsoft within hours of discovering the issue, while Microsoft issued a patch to fix it on November 8.
Google also said it is yet to determine what the malware was created to achieve, as it exploited an Internet Explorer vulnerability.
North Korea Hacking Record
North Korean hackers have been accused of numerous cyberattacks across the world, many of which have been cyber-thefts targeted at getting funds for the cash-strapped administration of Kim Jong-un.
North Korean hackers have stolen at least $840 million worth of digital assets between January and May of 2022. This figure more than doubles the previous year’s theft case of $400 million reported by blockchain analysis firm Chainalysis.
In 2021, the United States Department of Justice charged three North Korean computer programmers with partaking in a wide-ranging criminal conspiracy to carry out a series of sophisticated cyberattacks to steal and extort no less than $1.3 billion of money and cryptocurrency from different financial institutions and companies. The accused engaged in the crime to design and deploy various malicious cryptocurrency applications and to develop and fraudulently market a blockchain platform.
The Indictment expands a 2018 Case that highlighted the attack on Sony Pictures and the Creation of WannaCry Ransomware, where two new defendants were to the worldwide ploy to steal money and crypto from banks and businesses while Operating in North Korea and China.
The United Nations panel of experts responsible for monitoring and enforcing sanctions on North Korea has accused Pyongyang of using illegally obtained funds gained through hacking, to support its illicit nuclear and ballistic missile programmes.
In the past, North Korea has released statements denying accusations that it commits cybercrimes. It has also accused the U.S. and its allies of “spreading bad rumors” about the Asian country after the U.S. made accusations against it.
On Thursday, South Korean officials told businesses that they shouldn’t hire IT workers, from North Korea just because they wanted to.
North Korean Hackers Attack In Africa
In 2019, a United Nations report disclosed that South Africa, Nigeria, Gambia, Liberia, Costa Rica and Malaysia were among the countries targeted by North Korean cyber criminals, according to Business Insider.
According to a confidential report prepared for the United Nations, the attacks sought to set up fake interbank transfers by hijacking bank computers and infrastructure and stealing cryptocurrency tokens through direct attacks on users and crypto exchanges.
These hackers reportedly raised around $2 billion from attacking banks and cryptocurrency repositories with the goal of developing nuclear weapons.