Thursday, December 03, 2020

North Korea hackers created spoof Hyundai sites, report says

North Korean hackers are believed to be behind hoax intranet sites bearing the name of Hyundai Motor Group, the largest South Korean car manufacturer.
 Photo by Stephen Shaver/UPI | License Photo

Dec. 3 (UPI) -- North Korean hackers are believed to be behind hoax intranet sites bearing the name of Hyundai Motor Group, the largest South Korean car manufacturer, according to a local press report.

Donga Ilbo reported Thursday hackers created spoof websites that were near identical to the websites of Hyundai Steel, Hyundai Engineering and Construction and the car group.


Kia Motors and Hyundai Motor Co., which operate under the conglomerate, were not targeted. Cybersecurity experts say North Koreans likely created the sites to steal information from Hyundai employees, according to the report.

The spoof sites, which employees described as "very similar" to the company networks, vanished Thursday afternoon. Analysts say the sites were created earlier in the week with URLs similar to the those of the company. It is likely hackers created the site with the aim of phishing or email spoofing victims.

Any ID or password entered on the fake online site would have been transmitted to hackers, potentially given them access to the company intranet and enabling them to snatch corporate secrets.

Hyundai Motor Group said Thursday no damage occurred.

A South Korean computer security expert said evidence exists that the cybercriminals who built the spoof Hyundai sites used the same servers accessed by North Korean hackers believed to be responsible for targeting pharmaceutical companies.

North Korean hackers may have attacked at least six pharmaceutical companies in the United States, Britain and South Korea, all working on COVID-19 treatments, The Wall Street Journal reported Wednesday.

Johnson & Johnson and Novavax Inc. in the United States and Genexine Inc., Shin Poong Pharmaceutical Co. and Celltrion Inc. in South Korea have been breached. Johnson & Johnson and Novavax Inc. are working on experimental vaccines.

Chun Soo-hong, senior regional director of FireEye Korea, a cybersecurity provider, told the Donga hackers have also attempted to steal information about South Korean semiconductors. Cybercriminals sometimes hack logistics handlers to uncover information about semiconductor deliveries, Chun said.

"To minimize damage, there is no other option than to continue training employees to delete suspicious emails and texts without opening them," Chun said.



No comments:

Post a Comment