Google’s anti-hacking unit, also known as the Threat Analysis Group, has revealed in a report that North Korean government-funded hackers used the Itaewon Halloween tragedy for numerous malware attacks. The way these hackers went about it was pretty dubious.
The hackers planted malicious code in MS Office documents and disguised them as official documents from the South Korean government about the Halloween incident.
A massive crowd was struck by disaster in the city of Itaewon on October 29, when thousands of people gathered to celebrate Halloween after missing the festival celebrations for almost two years because of the pandemic. Itaewon, as a city, was known for its nightlife and party culture. The disaster claimed the lives of 158 young people, as per official records.
Google’s Threat Analysis Group traced the activity to a group of North Korean government-backed hackers known as APT37. This group has a proven track record of targeting the South Korean population in general, as well as North Korean defectors, policymakers, journalists, and human rights activists from across the world who speak against North Korea’s brutal treatment of its people.
“This incident was widely reported on, and the lure takes advantage of widespread public interest in the accident,” Threat Analysis Group said.
Google said it had reported a related software vulnerability to Microsoft within hours of its discovery on October 31. Microsoft issued a patch to fix the issue on November 8.
North Korean hackers have often been held responsible for several significant cyberattacks worldwide. Many of these have been attacks on banks or ransomware attacks aimed at gathering funds for the cash-strapped regime of Kim Jong-un.
As per Threat Analysis Group and blockchain analysis firm Chainalysis, North Korean state-sponsored hackers have stolen digital assets and money worth over $840 million in the first five months of 2022. In 2021, the hackers stole just a little over $400 million.
A panel of experts set up by the United Nations to monitor the enforcement of sanctions on North Korea has often accused Pyongyang of using hacked funds to develop nuclear weapons and ballistic missiles, which are then used to threaten South Korea and its allies, especially the US.
Last year, the United States Department of Justice charged three computer programmers linked to the North Korean military for extorting or stealing more than $1.3 billion in cash and cryptocurrency through a series of cyberattacks back in 2014.
North Korea, meanwhile, has always denied the allegations of these attacks and has maintained that it does not carry out these cyberattacks. North Korea often accuses the US and its allies of spreading false rumors.