North Korean hackers used Itaewon tragedy for malware: Google

Google’s anti-hacking unit says state-backed hackers exploited the Halloween disaster to target Internet users with malware.

North Korean hackers took advantage of South Korea’s deadly Halloween crowd to target Internet users with malware, according to a report by Google’s anti-hacking unit.

State-backed hackers placed malware in Microsoft Office documents disguised to look like a South Korean government report on the Halloween crush, the Threat Analysis Group said in a report released Wednesday.

The October 29 disaster, which occurred when thousands of Halloween revelers filled a narrow alleyway in the Itaewon nightlife district, resulted in the deaths of 158 young people.

Threat Analysis Group said it had traced the activity to a North Korean government-backed hacker group known as APT37, which has a history of targeting South Korean users, North Korean defectors, lawmakers, journalists and human rights activists.

“This incident was widely reported, and the decoy takes advantage of the widespread public interest in the accident,” Threat Analysis Group said.

Google said it had informed Microsoft about a related software vulnerability within hours of its discovery on October 31. Microsoft issued a patch to fix the issue on November 8.

North Korean hackers have been blamed for numerous cyber attacks around the world, many of them cyber heists aimed at raising funds for the cash-strapped Kim Jong-un regime.

North Korean hackers stole $840 million worth of digital assets in the first five months of 2022, up from $400 million a year earlier, according to blockchain analytics firm Chainalysis.

The United Nations panel of experts tasked with monitoring the application of sanctions on North Korea has accused Pyongyang of using hacked funds to support its illicit development of nuclear weapons and ballistic missiles.

Last year, the United States Department of Justice charged three computer programmers with ties to the North Korean military with extorting or stealing more than $1.3 billion in cash and cryptocurrency through a series of cyberattacks that began in 2014. .

North Korea, which rarely responds to international media, has denied carrying out cyber attacks, accusing the United States and its allies of “spreading malicious rumors.”