North Korea hackers target US-South Korea drills: Seoul

Police in South Korea said on Sunday that suspected North Korean hackers attempted to breach a major joint military exercise between the US and South Korea that was set to begin on Monday.

"Police investigation confirms that North Korean hacking group was responsible for the attack," the Gyeonggi Nambu Provincial Police Agency said in a statement. However, no classified military information was compromised, the statement added.

The upcoming 11-day Ulchi Freedom Guardian summer exercises aim to bolster the allies' readiness against North Korea's advanced nuclear and missile threats.

Pyongyang has frequently criticized such joint drills, alleging they are rehearsals for an invasion of North Korea.

Who is behind the hacking attack?

Investigators link the hacking attempt to a North Korean group, widely known in the cybersecurity community as Kimsuky.

The cyber attackers reportedly tried to gain access through emails sent to South Korean contractors working at the South Korea-US combined exercise war simulation center.

The hacking group Kimsuky has been recognized for its "spear-phishing" strategies, where victims are deceived into revealing passwords or encouraged to click on malicious attachments or links.

A joint investigative effort between South Korean police and the US military uncovered that the IP address tied to this hacking attempt matched one from a 2014 cyberattack against South Korea's nuclear reactor operator.

According to the US Cybersecurity and Infrastructure Security Agency in 2020, Kimsuky is "most likely tasked by the North Korean regime with a global intelligence gathering mission."

Previous reports by researchers have highlighted the group's focus on foreign policy and national security issues related to the Korean peninsula.

North Korea has previously denied involvement in cyber espionage activities.

ss/fb (AFP, Reuters)