In a first, authorities in South Korea say they’ve seen ransomware being used by North Korea’s state-sponsored threat actors against South Korean businesses and organisations.

The South China Morning Post cites the South Korean National Police Agency as saying that hackers attempted to get access to the personal information and email addresses of at least 893 foreign policy specialists in the nation.

Academics and specialists from think tanks were the primary targets of the phishing emails.

Cyberattacks from North Korea that encrypt user data

The assailants pretended to work in the People Power Party of President Tae Yong-ho or to be affiliated with the Korea National Diplomatic Academy. As early as April 2022, the emails were being sent out with malicious files or links to compromised websites.

The investigation revealed that at least 49 victims fell for the scam and allowed the attackers access to their email accounts and other sensitive information.

At least 13 businesses, largely e-commerce sites, were hit by the ransomware assaults, with two of them paying the demanded sum of 2.5 million won (less than$2,000) to decrypt their files.

Investigators are working to determine who is responsible for these assaults after learning that the perpetrators utilised 326 “detour” servers in 26 countries to mask their true whereabouts.

But they think it’s very probable that the same organisation attacked Korea Hydro & Nuclear Power in 2014, which raises serious security concerns.

The IP addresses used in the attacks, the efforts to induce the targets to sign into foreign websites, the use of North Korean diction, and the choosing of targets are the key grounds that North Koreans are behind this operation (diplomacy experts, inter-Korean unification thinkers, national security and defence experts).