North Korean hackers used Seoul Halloween crush to target South Koreans with malware, Google says
- The Threat Analysis group said the malware was embedded in Microsoft Office documents which purported to be a government report on the tragedy
- Google said it has not determined what the malware, which exploited an Internet Explorer vulnerability, was intended to achieve
The malware was embedded in Microsoft Office documents which purported to be a government report on the tragedy that killed more than 150 people after tens of thousands of young revellers crowded into narrow alleyways.
“This incident was widely reported on, and the lure takes advantage of widespread public interest in the accident,” the Threat Analysis group said.
Google attributed the activity to a North Korean hacking group known as APT37 which it said targets South Korean users, North Korean defectors, policymakers, journalists and human rights activists.
South Korean officials admit responsibility over Halloween crush
Google also said it has not determined what the malware, which exploited an Internet Explorer vulnerability, was intended to achieve. It reported the problem to Microsoft on October 31 after multiple reports from South Korean users on the same day. Microsoft issued a patch on November 8.
North Korea does not respond to media inquiries, but has previously released statements denying allegations of hacking.
02:28
‘Dad, I’m going out’: Seoul crowd crush victim’s last words to her father
On Thursday, South Korean officials warned businesses against inadvertently hiring IT staff from North Korea.
In May, the United States issued a similar advisory, saying rogue North Korean freelancers were taking advantage of remote work opportunities to hide their true identities and earn money for Pyongyang.
