According to Google’s anti-hacking unit, state-sponsored hackers from North Korea used the Halloween crowd crush in South Korea’s Itaewon to target internet users with malware.
According to the Threat Analysis Group, the hackers implanted harmful software into Microsoft Office documents that posed as a South Korean government report on the Halloween crush.
Thousands of Halloween revellers jammed into a small passageway in Itaewon’s nightlife neighbourhood on October 29, resulting in the deaths of 158 people.
Once opened, the document would download another file that would attempt to deploy malware onto the user’s device.
The hackers reportedly exploited a weakness in the Internet Explorer web browser. A flaw of this kind, exploited before the vendor has issued a fix, is known as a zero-day vulnerability.
“We attribute this activity to a group of North Korean government-backed actors known as APT37,” Google added, while saying that the group has previously carried out similar attacks.
Google became aware of the North Korean malware in October 2022, after multiple users from South Korea uploaded the document to the company’s VirusTotal tool, which analyzes suspicious files.
Google informed Microsoft about the attack, and Microsoft sent out security updates to protect users from it.
“This is not the first time APT37 has used Internet Explorer 0-day exploits to target users. The group has historically focused their targeting on South Korean users, North Korean defectors, policymakers, journalists and human rights activists,” Google said.
According to Chainalysis, North Korean hackers also stole digital assets worth USD 840 million in the first five months of 2022, up from USD 400 million in 2021.
According to the United Nations, the country has been accused of using stolen cash to finance its illegitimate development of nuclear arsenals.
Three computer programmers connected to the North Korean military were accused by the US Department of Justice of extorting or stealing more than USD 1.3 billion in cash and cryptocurrency starting in 2014 through a series of cyberattacks.
The country hit back at Uncle Sam by accusing it and its allies of “spreading ill-hearted rumours”.
South Korea has asked its tech companies to be cautious while hiring staffers from the neighbouring nation.