North Korean hacking group monitors ex-ministers' emails for months - police

A North Korean hacking group has secretly monitored emails of former South Korean Cabinet minister-level officials for months over the past year and stolen their personal information, police said on June 7.

The North's hacking organization identified as "Kimsuky" has been found to be behind a large amount of phishing emails sent to the South's officials in the fields of diplomacy and security last year, the National Police Agency (NPA) said, Yonhap reports.

This photo provided by the National Police Agency shows a phishing email sent by North Korean hacking group Kimsuky to a South Korean official

The NPA said Kimsuky distributed malicious emails to 150 diplomacy and security experts from April to July last year to induce them to access their phishing sites. Then, a total of nine people -- three former minister-level and vice minister-level officials, one incumbent government official, four academics and experts and one reporter -- have been confirmed to have accessed the North's phishing sites and have their account information stolen, it noted.

Kimsuky is said to have monitored the victims' email transmission and reception details in real time for four to nine months and stolen their attached documents and address directories, though there were no confidential materials among the stolen information, the NPA said.

Kimsuky is widely known for its 2014 hacking of Korea Hydro & Nuclear Power Co., a South Korean power generation agency. The Seoul government imposed unilateral sanctions on Kimsuky last Friday.

The NPA said it and the National Intelligence Service have identified Kimsuky as the culprit after analyzing about 5,800 phishing emails and confirming internet protocol addresses of the sources of the hacking attacks and the methods of establishing waypoints.

Kimsuky was found to have taken control of a total of 138 servers -- 36 in South Korea and 102 abroad -- by hacking and laundered internet protocol addresses before distributing the phishing emails, the agency said, adding it has identified a new four-step attack method of North Korean hacking organizations, including Kimsuky.