Police have launched an investigation after detecting signs of a phishing crime in which an entity suspected to be a North Korean hacker impersonated a Seoul city employee.
The Cyber Security Investigation Team of the Seoul Metropolitan Police Agency announced on the 13th that it conducted a search and seizure at the Seoul City Hall.
Police reportedly secured information about email accounts used by the suspected North Korean hacker through the search and seizure.
According to the police and Seoul city, the hacker is said to have hacked into some citizen accounts that can be created through the Seoul city website and randomly sent phishing emails last month. The problematic email, sent under the name of a Seoul city official, reportedly contained a request asking whether an online meeting regarding the distribution of leaflets to North Korea was possible, and it is said to have had a file attached with hidden malware.
Police believe that the IP address used in the hacking process is the same as the one previously used by the hacker group "Kim Sooki" under the North Korea Reconnaissance General Bureau. They are currently tracking the connection.
"Kim Sooki" has been reported to have employed methods of sending phishing emails by impersonating government agencies or journalists.
On the same day, Seoul city announced the hacking incident to the media and urged citizens not to open any emails that are not from the official city account (@seoul.go.kr).