North Korean hackers are alleged to have carried out a covert cyber-espionage campaign against the South Korean government. It may have been an attempt to steal secret information on defense and security.


Security experts at Kaspersky Lab revealed that South Korea’s Ministry of Unification and a number of leading Seoul think tanks were targeted by the rare spy program. They also admitted it was the first time they had discovered a cyber-attack which directly pointed to hackers in North Korea, and they have already handed a detailed tranche of evidence to the Korean Information Security Agency. Normally, the vast majority of attacks are of Chinese origin, and those coming from North Korea are quite unusual and rare.
The experts have identified at least eleven targets inside South Korea, including the Sejong Institute, the Korea Institute for Defense Analyses and supporters of Korean unification. It is suspected that the machines of Seoul’s Ministry of Unification and the shipping giant Hyundai Merchant Marine were also targeted.
It is believed that a group of North Korean hackers have infected the machines through “spear-phishing emails”. This method targets users with personalized messages in the hope of stealing passwords or other sensitive details.
The security analysts point out that this spy program was designed specifically to search for and steal Hangul word processor (HWP) documents, a format used widely by the country’s officials. The hackers managed to take over the computer or secretly monitor the actions of its user.
Kaspersky Lab admitted they didn’t know exactly what had been stolen, but they suspected that the intruders were looking for all sorts of HWP documents relating to work done by think tanks towards unification and on defense and security strategy. The experts identified ten IP addresses proving that the attackers used networks in China’s provinces next to the border with North Korea.
It is unclear whether this particular attack was state-sponsored, but its discovery will at least add to concerns about geopolitical cyber-espionage. Media reports said earlier in 2013 that it had been targeted by a Chinese cyber-espionage campaign, while in May the Pentagon directly accused China for the first time of being responsible for hacker attacks on its systems.