Security News

A North Korean satellite allegedly designed for reconnaissance was not viable for its alleged intended purpose, according to South Korea's military on Wednesday. North Korea attempted to put the satellite into orbit on May 31, but it instead plunged into the sea soon after it was launched.

North Korea has created a fake version of South Korea's largest internet portal, Naver, in a large scale phishing attempt, Seoul's National Intelligence Service said on Wednesday. NIS has asked the Korea Internet & Security Agency to shut down the now inaccessible phishing site.

According to Mandiant, who has tracked APT43 since 2018, the threat actor aligns with the mission of the Reconnaissance General Bureau, the main foreign intelligence service from North Korea. In particular, malware and tools have been shared between APT43 and the infamous Lazarus threat actor.

In a separate incident, another 766,846 burger-buyers whose data should have been destroyed after a retention period expired also saw their info leak, attracting a ₩10 million wrist slap. The company therefore coughed up info about 1,540 customers, and earned ₩40 million in fines.

South Korea's Ministry of Justice will create a "Virtual Currency Tracking System" to crack down on money laundering facilitated by cryptocurrencies, and rated the establishment of the facility among its priorities for the year. In third place were a raft of measures aimed at addressing various unlawful actions such as tackling organized crime, repatriating accused criminals who abscond before facing local courts, improvements to criminal justice systems - and the aforementioned crypto-tracker.

South Korea issued a publicly available notice on Wednesday to wanted man and Terraform Labs founder Do Kwon, demanding he return his passport. The Ministry of Foreign Affairs disclosure [PDF] said that officials were unable to serve the notice to Kwon so had confirmed on its website that it was invalidating his passport and requesting its return within 14 days.

The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped implant against targets located in its southern counterpart. NukeSped is a backdoor that can perform various malicious activities based on commands received from a remote attacker-controlled domain.

Another alleged member of the TrickBot gang has been apprehended, this time when trying to leave South Korea, according to published reports.His arrest was the result of an investigation U.S. authorities began into TrickBot during his time in South Korea after the botnet was used "To facilitate ransomware attacks across the US throughout 2020," according to the report.

South Korea has this week announced two new weapons: grenade-launching drones for its military, and anti-ransomware software for businesses. The nation's Defense Acquisition Program Administration has revealed that in 2022 South Korea will test grenade-launching drones that can be remotely controlled over a range of two kilometres, carrying gunpowder-filled 40mm shells.

South Korean officials have admitted that government nuclear think tank Korea Atomic Energy Research Institute was hacked in May 2021 by North Korea's Kimsuky group. Malware analyst group IssueMakersLab said in a report that it detected an attack on KAERI on May 14th. The attack saw incoming heat from 13 internet addresses, of which one was traceable to Kimsuky.