North Korea Trying to Hack South Korea Anti-Coronavirus Efforts: Report
November 30, 2020 Topic: North Korea Region: Asia Blog Brand: Korea Watch Tags: North KoreaSouth KoreaCoronavirusVaccineHacking

North Korea Trying to Hack South Korea Anti-Coronavirus Efforts: Report

Pyongyang cannot make its own vaccine, but it would love to disrupt Seoul's efforts.

Earlier this month, Tom Burt, Microsoft’s Corporate Vice President, Customer Security & Trust, wrote that he believes that multiple hacking personas, including one from Russia and two from North Korea, are attempting to hack into efforts around the world to develop vaccines and treatments for the coronavirus.

In Burt’s analysis, the hackers, including the North Korean personas known as Zinc and Cerium. are going after vaccine makers with treatments in “various stages of development,” including some in Canada, France, India, South Korea and the United States. 

Now, there’s another report specifically about such efforts in South Korea.

According to a report by The Guardian, which cited a South Korean lawmaker named Ha Tae-keung, South Korea’s intelligence agency has “foiled attempts by North Korean hackers to disrupt attempts to develop a Covid-19 vaccine.”

Ha, described by the newspaper as “a conservative member of the national assembly,” did not identify which pharmaceutical companies in South Korea were targeted in the hacking attempts.

According to a report by Yonhap News Service in early October, several South Korean firms are working on treatments and vaccines for the virus. Celltrion Inc.’ is working on an antiviral antibody treatment candidate that it calls CT-P59, while a firm called Bioneer Corp. is at work on a coronavirus vaccine. SK Bioscience Co. is also in the vaccine race and has teamed with AstraZeneca to produce vaccines once they are developed. The South Korean government has also pledged the equivalent of $80 million to “help local firms develop homegrown vaccines and treatment drugs.”

The Guardian report also cited Burt, the Microsoft expert who had warned earlier this month of attempts to hack bio firms.

A government report in October found that North Korea currently has as many as 6,000 active hackers. Issued jointly by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Cyber Command Cyber National Mission Force (CNMF), the warning referenced the North Korean hacking group known as “Kimsuky.”

Kimsuky, per that report, had been “tasked by the North Korean regime with a global intelligence gathering mission,” using such tactics as email spearfishing.

“The APT group has used web hosting credentials—stolen from victims outside of their usual targets—to host their malicious scripts and tools,” the government said. “Kimsuky likely obtained the credentials from the victims via spearphishing and credential harvesting scripts. On the victim domains, they have created subdomains mimicking legitimate sites and services they are spoofing, such as Google or Yahoo mail.”

This followed the October 22 announcement by the FBI and the intelligence committee that hackers from both Russia and Iran were looking to interfere in the 2020 election.

Stephen Silver, a technology writer for The National Interest, is a journalist, essayist and film critic, who is also a contributor to Philly Voice, Philadelphia Weekly, the Jewish Telegraphic Agency, Living Life Fearless, Backstage magazine, Broad Street Review and Splice Today. The co-founder of the Philadelphia Film Critics Circle, Stephen lives in suburban Philadelphia with his wife and two sons. Follow him on Twitter at @StephenSilver.

Image: Reuters.