North Korean hackers exploited South Korea’s deadly Halloween crowd crush to target internet users with malware, according to a report by Google’s anti-hacking unit.
The state-backed hackers planted malicious software in Microsoft Office documents disguised to look like a South Korean government report on the Halloween crush, the Threat Analysis Group said in a report released on Wednesday.
The October 29 disaster, which occurred when thousands of Halloween revellers packed into a narrow alleyway in the nightlife district of Itaewon, resulted in the deaths of 158 young people.
Threat Analysis Group said it had traced the activity to a group of North Korean government-backed hackers known as APT37, which has a history of targeting South Korean users, North Korean defectors, policymakers, journalists and human rights activists.
“This incident was widely reported on, and the lure takes advantage of widespread public interest in the accident,” Threat Analysis Group said.
Google said it had reported a related software vulnerability to Microsoft within hours of its discovery on October 31. Microsoft issued a patch to fix the issue on November 8.
North Korean hackers have been blamed for numerous cyberattacks worldwide, many of them cyber-thefts aimed at gathering funds for the cash-strapped regime of Kim Jong-un.
North Korean hackers stole $840m worth of digital assets in the first five months of 2022, up from $400m the previous year, according to blockchain analysis firm Chainalysis.
The United Nations panel of experts tasked with monitoring the enforcement of sanctions on North Korea has accused Pyongyang of using hacked funds to support its illicit development of nuclear weapons and ballistic missiles.
Last year, the United States Department of Justice charged three computer programmers linked to the North Korean military with extorting or stealing more than $1.3bn in cash and cryptocurrency through a series of cyberattacks beginning in 2014.
North Korea, which rarely responds to international media, has denied carrying out cyberattacks, accusing the US and its allies of “spreading ill-hearted rumours”.