(LEAD) N. Korean hackers suspected of attacks using fake S. Korean gov't addresses

(ATTN: ADDS more details in paras 7-9)

SEOUL, June 25 (Yonhap) -- Hacker groups linked to North Korea are suspected of carrying out cyberattacks by using manipulated email addresses from the South Korean government to steal user information, cybersecurity firm ESTsecurity said Friday.

The security company said it detected a cyberattack Tuesday, when the hackers used a manipulated email address from the Ministry of Unification. On Thursday, the hackers used an address from the state-run Korea Institute for National Unification.

ESTsecurity said it suspects North Korea-linked hacking organizations, such as Thallium and Kimsuky, to be behind the attacks, which manipulated the sender emails to appear as official government addresses.

The emails in the attacks included links to documents that appeared to be official government reports.

When users click the links, they would be directed to enter their email passwords, which would then allow hackers to steal the information, according to ESTsecurity.

The security firm said it traced the two incidents to a server that had been long used for other cyberattacks.

The server had been used in an attack detected on June 18 against the Institute for National Security Strategy.

ESTsecurity did not elaborate on the targets of the latest cyberattacks, though it said Thallium usually targets officials and journalists in the foreign relations and security sectors.

The cyberattacks are the latest in a series of recent hacking incidents suspected of being carried out by North Korean groups.

Last week, the science ministry acknowledged that a state-run nuclear research institute was the target of a cyberattack last month.

Rep. Ha Tae-keung of the main opposition People Power Party has accused a hacker group associated with a North Korean intelligence agency of being behind the attack.

yunhwanchae@yna.co.kr
(END)