North Korea is linked to a cyberattack disguised as a Covid vaccine

Written By: John Yoon © 2022 The New York Times Company The New York Times
Pyongyang, North Korea Updated: Apr 02, 2022, 11:33 PM(IST)

File photo: A man holds a laptop computer as cyber code is projected on him in this illustration picture Photograph:( Reuters )

Story highlights

The cyberattack, which came less than a week after North Korea conducted its most powerful intercontinental ballistic missile test to date, was sent from an email address belonging to the Korean Society for Health Promotion and Disease Prevention

Hackers linked to North Korea were suspected of carrying out a cyberattack on South Koreans through emails disguised as official messages sent from a medical journal calling on recipients to book appointments for a new coronavirus vaccine, a South Korean cybersecurity company said in a statement Friday.

The cyberattack, which came less than a week after North Korea conducted its most powerful intercontinental ballistic missile test to date, was sent from an email address belonging to the Korean Society for Health Promotion and Disease Prevention, the company said. This was possible because the hackers had infiltrated the medical journal’s server and email account in what the company, ESTsecurity, called a phishing attack.

“We have confirmed that the camouflage methods and tactical commands used to steal the account exactly matched the other cases of cyberattacks linked to North Korea,” the company said, adding that the email’s header contained a code found in previous attacks that analysts have linked to North Korea.

Previously, North Korean hackers have used cyberattacks on governments, companies and financial institutions to steal information and millions of dollars to fund their own government. ESTsecurity has also attributed to North Korea similar phishing attacks sent from email addresses belonging to agencies such as the Ministry of Defense and the Ministry of Unification.

The latest email attack targeted mostly South Koreans working in fields dealing with North Korea, the company said, and appeared to be designed to trick the recipients into providing personal information to the hackers by making them believe they were registering for the new vaccine.

A screenshot of the email included in ESTsecurity’s statement showed language advertising “the newest COVID-19 vaccine,” information on when it would be available to “purchase” and a link that the company said was disguised as a vaccine registration site.

“On March 25, 2022, the vaccine was researched and developed by the N.I.H., a national medical research institute under the U.S. Department of Health and Human Services,” the email said, adding that the new vaccine was effective for people ages 65 and older against new variants, including delta and omicron. The emails were sent Tuesday.

Read in App