Massive North Korean phishing attack used K-pop and horoscope lures: South Korean police
The police said that over 120,000 emails laced with malware and links to spoofed websites were sent to nearly 18,000 individuals
The National Police Agency said on Tuesday that 126,266 such phishing emails had been sent to 17,744 individuals between November 2024 and January this year.
“In the past, these actors targeted individuals interested in North Korean affairs,” said Kim Young-woon, head of the agency’s cyberterrorism unit. “This time, they deployed 30 different promotional formats in a broad campaign.”
The phishing emails mimicked legitimate content ranging from daily horoscopes and health newsletters to tax refund notices and concert invitations featuring Lim Young-woong, one of South Korea’s most popular pop ballad singers, according to JoongAng Daily.
Victims who clicked on links in the emails were taken to phishing websites designed to resemble trusted platforms such as Naver or Google, and were prompted to enter login details.
02:35
From survival to stardom: North Korean defectors set for historic K-pop music debut
One email, titled “Defence Counterintelligence Command’s Martial Law Documents Revealed”, urged recipients to download an attachment purported to contain official documents reviewing whether ousted president Yoon Suk-yeol had the right to refuse a National Assembly request to lift martial law.