/wion/media/agency_attachments/2024/12/26/2024-12-26t112006978z-wion-white-logo-for-website-2-1.png){kind=logo}
/wion/media/agency_attachments/2024/12/13/2024-12-13t071548098z-wionlogo.webp)
/wion/media/member_avatars/sites/default/files/styles/medium/public/2023/05/02/349085-whatsapp-image-2023-05-01-at-14002-pm.jpeg)
/wion/media/member_avatars/sites/default/files/styles/medium/public/2023/05/02/349085-whatsapp-image-2023-05-01-at-14002-pm.jpeg)
/wion/media/post_attachments/files/2023/06/14/359510-succession-45.jpg)
Seoul, South Korea
Seoul's spy agency on Wednesday revealed that North Korea, in an attempt to gather South Koreans' personal data, replicated the country's largest internet portal Naver in real-time.
This was part of a sophisticated phishing attack designed by Pyongyang to steal user information through several fake versions of the Naver website.
The agency further urged the residents to be cautious about wrong web addresses.
The multifarious services by Naver include Google-like maps, financial services similar to Apple Pay, and popular blogs and chat forums, which are used by South Koreans extensively on a day-to-day basis.
South Korea's National Intelligence Service said that Pyongyang had created the phishing site, naverportal.com, that replicated Naver's main page in order to hack South Koreans' valuable personal information such as IDs and passwords.
In a press release, the NIS asked South Koreans to be vigilant and check if the domain address of Naver is legitimate.
"As North Korea's hacking attack methods against our people are becoming more sophisticated, we ask people to be extra vigilant," NIS said in a statement, adding measures have been taken to block the phishing site from South Korean users.
"Please cease accessing it immediately if you spot a page that's not a standard Naver access domain URL," it said.
"If the domain address is not the legitimate Naver access domain ― www.naver.com ― such as www.naverportal.com, please immediately stop accessing it," the agency said.
Also read: Has Kim Jong-un issued secret order to ban suicide in North Korea?
The agency further revealed that previously, North Korea had attempted to steal South Korean IDs and passwords by duplicating Naver's log-in page, but creating a fake portal was a new approach.
"The North has upgraded its attack scheme in order to better extort private information," it said.
"We are tracking the activities of the hacking group in cooperation with foreign agencies as the server is located overseas."
Naver also released a statement asking users to be extra cautious while operating the portal.
"We urge users to check if the address is the right one and pay extra attention when accessing Naver," the company said.
Fake Naver site appeared 'clumsy', reveal experts
According to the experts, the fake Naver site did appear 'clumsy' but was 'good enough' to fool the ones who were not vigilant.
"By the nature of this kind of attack, South Koreans are at a disadvantage because we are on the receiving end," AFP quoted former national security official, Choi Gil-il as saying.
"We have to be constantly on guard to fend off cyber phishing."
As per the Yonhap news agency reports, North Korea's state-backed hacker group Kimsuky hacked into the intranet of the Seoul National University Hospital in the month of May and stole the personal data of about 800,000 patients and workers.
According to Seoul, Tokyo and Washington, last year, Pyongyang stole as much as $1.7 billion in cryptocurrency and backed its weapons programmes by collecting data through "malicious cyber activities".
"North Korea is carrying out omnidirectional cyberattacks, such as theft of cryptocurrency and hacking of sensitive information, all over the world," Seoul's foreign ministry said in a statement.
That activity "not only causes property damage to innocent individuals and companies but also poses a serious threat to the global IT ecosystem as a whole", it said.
(With inputs from agencies)
WATCH WION LIVE HERE