Google: North Korean Hackers Used Seoul Halloween Tragedy To Distribute Malware

Google's Threat Analysis Group (TAG) stated on Thursday that the North Korean hacking organization APT37 exploited public interest in the deadly Halloween celebration tragedy in Itaewon, central Seoul, to carry out cyber attacks on South Korean targets.

Google: North Korean Hackers Used Seoul Halloween Tragedy To Distribute Malware
Image credit: Markus Spiske / Unsplash

Facts

  • Google's Threat Analysis Group (TAG) stated on Thursday that the North Korean hacking organization APT37 exploited public interest in the deadly Halloween celebration tragedy in Itaewon, central Seoul, to carry out cyber attacks on South Korean targets.
  • Users in South Korea reportedly received suspicious rich text format (RTF) documents disguised as a press release about the tragedy on Oct. 31, two days after the event in which more than 150 people died.
  • The malicious documents were designed to exploit a zero-day vulnerability against computers running Internet Explorer (IE). Although IE has been retired and replaced by Microsoft Edge, Office still uses its engine to execute the JavaScript that enabled the attack.
  • The vulnerability was discovered on Oct. 31, when several people uploaded a Microsoft Office document to VirusTotal — a service that analyzes files for viruses.
  • The Google team's report comes as a UN panel of experts that monitors sanctions on Pyongyang has accused North Korea of using stolen funds — gained through hacking — to support its nuclear and ballistic missile programs to bypass sanctions.
  • Blockchain firm Chainalysis claims that North Korean hackers stole $840M worth of digital assets in the first five months of 2022, up from $400M in 2021. Three computer programmers linked to the North Korean military were charged by the US DOJ last year, for extorting or stealing more than $1.3B in cash and cryptocurrency since 2014.

Sources: Korea Joongang Daily, NK, TechCrunch, KBS world, Reuters, and Al Jazeera.

Narratives

  • Pro-establishment narrative, as provided by Voa. North Korea has for years carried out a government-backed hacking campaign, so this news is no surprise. While exploiting a tragedy to distribute a corrupted document would be outrageous for any country in the world, it hardly constitutes a new low for Pyongyang which, rather than offering up condolences over the incident, instead fired an unprecedented barrage of missiles during the South's period of mourning.
  • Establishment-critical narrative, as provided by Pyongyang Times. The US has a reputation for blaming cyber attacks on its enemies, even while hypocritically hacking, wiretapping, and carrying out criminal cyber acts — it should come as no surprise that the US-based company Google is now accusing North Korea of hacking activities. Washington does not want to protect cyberspace, but rather to create a confrontational environment that favors its hegemony.

Predictions