Ransomware aimed at South Korea in early 2017 may be work of North Korea, firm says

North Korean hackers may have sent phishing emails to South Korean organizations in late 2016 and early 2017 that carried ransomware, according to private sector intelligence firm Intel 471. Intel 471 obtained information about several samples related to this peculiar phishing email campaign, which in one case targeted a South Korean political organization earlier this year.

“The sender was fluent in Korean and had a good familiarity with Korean culture,” said Intel 471 CEO Mark Arena, a former chief researcher with FireEye’s intelligence collection group iSight Partners. “The email included a fake Microsoft Word .doc file that when run, dropped ransomware and a likely Chinese originated trojan that could perform distributed denial of service attacks.”

Oddly, although the phishing emails clearly targeted specific South Korean organizations, the ransomware itself was not capable of encrypting the most popular file type in Korea, .hwp (Hanword). It’s not clear why the attackers sent what …