phishing

41.6% of South Korean workers open simulated phishing emails

Officials at the Korea Internet & Security Agency (KISA) check Internet systems at the KISA situation room in Seoul, South Korea. Photo by YONHAP / EPA

June 26 (Asia Today) — More than 4 in 10 South Korean employees who participated in a government cybersecurity exercise opened simulated phishing emails, but companies that had conducted repeated training recorded significantly better results, officials said Friday.

The Ministry of Science and ICT and the Korea Internet & Security Agency announced the findings at a review meeting at the Post Tower in central Seoul.

A total of 630 companies and 255,460 employees participated in the government’s cybersecurity crisis response exercise for the first half of 2026.

The government conducts the exercise twice a year to improve security awareness and strengthen companies’ ability to respond to cyberattacks.

The latest exercise was held from May 11 through May 22 and covered four areas: phishing emails, distributed denial-of-service attacks, penetration testing and vulnerability detection and response.

The phishing exercise targeted employees at 569 companies.

Participants received simulated malicious emails designed to resemble messages from familiar institutions or routine workplace correspondence.

The government monitored whether participants opened the emails and clicked attached files that would have triggered malware infections in a real attack.

The results showed that 41.6% of participants opened the simulated phishing emails. About 12.7% clicked an attachment and reached the simulated malware infection stage.

Large companies, which had the highest rate of conducting their own cybersecurity exercises, recorded the lowest figures.

Employees at large companies had an email open rate of 35.4% and a simulated infection rate of 9.8%, highlighting the value of repeated training, officials said.

The distributed denial-of-service exercise tested web servers and development servers at 147 companies by sending simulated attack traffic.

Officials measured how quickly each company detected and responded to the traffic.

Companies that had previously participated in the exercise took an average of 20 minutes to detect and respond to the attack.

First-time participants took an average of 64 minutes, more than three times as long.

The vulnerability assessment covered 241 companies.

Investigators found 28 types of security vulnerabilities at 32 companies. Twelve of those companies had six types of vulnerabilities that required immediate corrective action.

The ministry and the agency provided the affected companies with their assessment results and instructions for addressing the weaknesses.

Lim Jeong-gyu, director general for information security network policy at the ministry, said the emergence of advanced artificial intelligence was making cyber threats facing companies increasingly serious.

“Building technical defense systems is important, but having all employees directly experience and respond to a simulated crisis can prove invaluable at a critical moment,” Lim said.

He encouraged companies to participate regularly in cybersecurity exercises rather than treating them as one-time events.

Reported by Asia Today; translated by UPI

© Asia Today. Unauthorized reproduction or redistribution prohibited.

Original Korean report: https://www.asiatoday.co.kr/kn/view.php?key=20260626010009374

Source link

North Korean hackers pose as police in spear phishing attacks

The National Office of Investigation (NOI), provides a briefing on emails sent by North Korean hackers, using false identities of South Korean government agencies and news organizations, at the NOI headquarters in Seoul, South Korea. Photo by YONHAP / EPA

May 14 (Asia Today) — A North Korean hacking group linked to the country’s military intelligence agency has posed as police investigators, defense officials and North Korea experts in spear phishing attacks targeting South Korean security and policy figures, a cybersecurity company said Thursday.

Genians, a South Korean information security company, said it detected cyberattacks suspected of being linked to APT37, a North Korea-backed hacking group associated with the Reconnaissance General Bureau.

The group is known for cyber espionage targeting people involved in North Korea affairs and for hacking operations aimed at financial gain.

The latest attacks targeted people working in defense, national security and North Korea-related fields. Spear phishing is a targeted hacking method that uses customized messages and information to trick specific individuals, rather than sending generic malicious emails to large groups.

Hackers used personal details to build trust

According to Genians, the hackers used a range of impersonation tactics to lower victims’ guard, including posing as police officers, defense officials, airline ticket issuers and North Korea research groups.

In one message, the hackers claimed they had obtained North Korean nuclear power plant materials and were preparing a program to help researchers better understand the subject.

In another, a person claiming to be a police investigator said a hacking case had uncovered the recipient’s email address on a suspicious server.

The attackers also used publicly available information and personal data obtained through previous hacking attempts to make their messages appear credible.

In some cases, they used actual names, affiliations and background information before creating emotional rapport, such as claiming to be a defense official approaching retirement who wanted to work on meaningful projects with others in the same field.

Genians said the attacks continued through last month. The final save time of one malicious file was identified as the morning of April 17.

The document was linked to an account named “Lailey,” which Genians said was also used in 2022 attacks impersonating the National Unification Advisory Council and the U.N. human rights office in Seoul.

North Korea seen strengthening cyber operations

The report comes after North Korea reorganized and renamed several intelligence bodies.

In March, North Korea changed the name of its Ministry of State Security to the State Intelligence Bureau. Last September, it expanded and renamed the Reconnaissance General Bureau as the Reconnaissance Intelligence General Bureau.

The Reconnaissance Intelligence General Bureau is believed to be the organization behind APT37.

Genians said the use of the word “intelligence” in both agencies’ names suggests North Korea is seeking to strengthen its external information collection, analysis and cyber operations.

Cybersecurity experts warned that ordinary cryptocurrency holders could also become targets because North Korea uses hacking to generate foreign currency.

South Korea’s National Intelligence Service has said North Korea stole more than 2 trillion won, or about $1.4 billion, through cryptocurrency and other hacking operations targeting South Koreans and foreign virtual assets last year. The agency said it was the largest amount ever stolen by North Korean hackers.

North Korea is also believed to use cyberattacks to steal defense, information technology and other industrial technologies.

— Reported by Asia Today; translated by UPI

© Asia Today. Unauthorized reproduction or redistribution prohibited.

Original Korean report: https://www.asiatoday.co.kr/kn/view.php?key=20260514010003935

Source link