Warning on Portal Customer Center Phishing Scams... Behind Them is a North Korean Hacking Group
"Attack Emails Sent Not Only on Weekdays but Also on Holidays and at Night"
[Asia Economy Reporter Jin-gyu Lee] East Security announced on the 11th that it detected signs of an email phishing attack disguised as if sent from the customer center of a major domestic portal company.
East Security's Security Response Center (ESRC) identified the North Korean hacking group 'Thallium' as the culprit behind this attack. Thallium gained international attention last year after being sued by the US-based Microsoft and is known to have strong ties to the 'Kimsuky' group, famous for the 2014 hacking attack on Korea Hydro & Nuclear Power.
This group has actively carried out various phishing attacks in South Korea over the past month, impersonating entities such as 'major domestic portal account errors,' 'customer centers of domestic large corporations' cloud services,' 'documents related to Kaesong Industrial Complex research,' and 'submission guidelines for academic papers in the Asia-Pacific region.' Their primary targets are individuals involved in North Korea-related fields, including journalists and government officials covering or researching North Korea, as well as leaders of North Korean defector organizations.
The attack detected by ESRC impersonates an email notification from a major domestic portal’s security service, claiming that the 'new device login alert feature' has been disabled. The email instructs recipients that the feature has been turned off and needs to be re-enabled, urging them to click the 'Go to New Device Login Alert Settings' button.
Clicking this button opens a window requesting the user to re-enter their account password for security purposes. If the user inputs their account information, it is directly captured by the hackers in this phishing attack.
Hot Picks Today
!["Rather Than Endure a 1.5 Million KRW Stipend, I'd Rather Earn 500 Million in the U.S." Top Talent from SNU and KAIST Are Leaving [Scientists Are Disappearing] ①](https://cwcontent.asiae.co.kr/asiaresize/93/2026051914165468840_1779167814.png)
"Rather Than Endure a 1.5 Million KRW Stipend, I'd Rather Earn 500 Million in the U.S." Top Talent from SNU and KAIST Are Leaving [Scientists Are Disappearing] ①
- "Not Jealous of Winning the Lottery"... Entire Village Stunned as 200 Million Won Jackpot of Wild Ginseng Cluster Discovered at Jirisan
- "I'll Stop by Starbucks Tomorrow": People Power Chungbuk Committee and Geoje Mayoral Candidate Face Criticism for Alleged 5·18 Demeaning Remarks
- "I Will Give Them a Chance for Self-Examination": Chinese Scientific Community Shaken by Influencer's Preemptive Whistleblowing
- "How Did an Employee Who Loved Samsung End Up Like This?"... Past Video of Samsung Electronics Union Chairman Resurfaces
Moon Jong-hyun, Director of East Security’s ESRC, stated, "Thallium has been consistently using highly sophisticated email phishing attacks disguised as customer centers of domestic portal companies for a long time. Recently, they have been sending attack emails not only on weekdays but also during holidays and nighttime hours, so special caution is required."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
