Cybersecurity firm FireEye reports that South Korea has been defending itself against a wave of Chinese and Russian cyberattacks that began about a month ago, evidently in preparation for the June 12 summit between President Donald Trump and North Korean dictator Kim Jong-un.
The Wall Street Journal quotes FireEye research that points to a China-based hacker group called TempTick and a Russian outfit called Turla as the culprits behind many of the attacks. Both of these groups have extensive experience targeting government entities. Both were keeping a relatively low profile before malware attacks on South Korea ramped up in late April and early May.
FireEye expressly identified Turla as a state-sponsored cyberwar unit working for the Russian government, while TempTick “has carried out activity consistent with government sponsorship.” Both Beijing and Moscow routinely deny they sponsor or direct any sort of hacking activity.
Another group called Tonto launched a significant malware attack on South Korea in March by creating a phony job posting for the South Korean Coast Guard and loading it with virus code. FireEye has identified Tonto as a state-sponsored hacker group loyal to the Chinese government.
The Wall Street Journal notes that cyberattacks from North Korea against South Korea have also escalated, even as North Korea talks peace and celebrates a new diplomatic opening with the South.
FireEye believes the Russian and Chinese cyberattacks are “espionage activity aimed at collecting intelligence to inform government decision making” as the Trump-Kim summit unfolds.
Much of North Korea’s hacking is devoted to stealing electronic currency to ease the pain of international sanctions, and perhaps also to emphasize the cyber-threat posed by North Korea’s hacker army, which would give Pyongyang leverage during negotiations. North Korea’s hackers are well-funded and equipped with state-of-the-art technology obtained by exploiting sanctions loopholes.
South Korea has developed its own cyber army, nourished with a program called “Best of the Best” that urgently recruited white-hat hackers after North Korea began hitting private entities in South Korea on a massive scale in 2010. The managers of Best of the Best say South Korea is hit by thousands of cyberattacks every day that are not reported in the news.