Email Surveillance of 49 People Including Professors
Ransomware Distribution from Some Company Servers

Congressman Secretary's Email Found to Be Hacked by North Korea

[Asia Economy Reporter Seongpil Cho] The National Police Agency’s National Investigation Headquarters announced on the 25th that an investigation into emails impersonating secretaries of National Assembly members revealed that the hacking was carried out by a North Korean hacking group. This group took control of 326 servers across 26 countries (87 servers domestically) through indiscriminate hacking both inside and outside the country, using them as relay points for IP address laundering.


According to the police, from April to October this year, the group sent emails impersonating secretaries of National Assembly members or reporters to at least 892 experts in diplomacy, unification, security, and defense, directing them to phishing sites or attaching malicious programs via the laundered IP addresses. Among them, 49 individuals accessed the phishing sites and entered their IDs and passwords. The hacking group monitored the victims’ sent and received emails in real time, extracting attached documents and address books.


The police explained that this investigation confirmed for the first time domestically that the North Korean hacking group distributed ransomware demanding money. A police official stated, “Some of the servers they controlled were infected with ransomware to demand money,” adding, “The confirmed damage scale involves 19 servers from 13 domestic companies.”


The police judged that this case was the work of the North Korean hacking group by comparing it with previously identified North Korean-origin incidents such as the “Korea Hydro & Nuclear Power hacking incident” and the “National Security Office impersonation email sending incident.” The basis for this judgment included the IP addresses of the attack origin, overseas site registration information, methods of intrusion and management of relay points, characteristics of malicious programs, use of North Korean vocabulary, and the consistent targeting of experts in diplomacy, unification, security, and defense.


The police notified the affected companies and cooperated with the Korea Internet & Security Agency and antivirus companies to block the phishing sites. They also provided related information on the North Korean hacking group’s intrusion methods and hacking tools to relevant agencies to aid in the formulation of information security policies.



The police anticipate that such attempts by North Korea will continue in the future and urged strengthening security settings such as access control to computer networks, periodic changes of email passwords, enabling two-factor authentication, and blocking access from other countries. A police official stated, “We will continue to mobilize all policing capabilities to detect and track organized cyberattacks and work closely with related agencies to prevent damage.”


This content was produced with the assistance of AI translation services.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
