Phishing on the rise… This time, it was impersonated by the Cyber ​​Security Bureau of the National Police Agency.

A screenshot of a phishing email impersonating the National Police Agency’s Cyber ​​Security Bureau. /Photo = Daily NK

Following the cyberattack that the North Korean hacker used to steal the ID of an incumbent police officer, it was found that this time, he carried out a phishing attack impersonating the Cyber ​​Security Bureau of the National Police Agency. Similar to telephone financial fraud, there is an increasing number of cases of fraudulent online as investigative agencies or public institutions.

On the 13th, a representative of a North Korean human rights organization in Korea said ‘Title: [중요] The Cyber ​​Security Bureau will notify you.” The e-mail also contained the content that his affiliation was ‘Kim 00, Cyber ​​Investigation Planning Division, Cyber ​​Security Bureau, National Police Agency’.

However, the email address was ‘[email protected]’, and it was not an institutional account of the National Police Agency. When I searched the e-mail address, it appeared that it was the account of the representative of a performance group in Jeonju. It seems that hackers have hijacked or hijacked accounts and are using them for phishing.

When an expert was asked to analyze the email, it turned out to be a typical North Korean hacker’s method. This is because the attack tactics, strategies, and procedures used by the attackers are consistent with the patterns of existing North Korean hackers.

In the e-mail, “Your e-mail account has been disabled,” and instructs, “Press the button below to cancel the use and take necessary measures according to the Cyber ​​Security Bureau’s guidance.”

If you click the URL to which the cancel button is connected, a page similar to the Naver login screen appears. It deceives users with a page created in advance by a hacker rather than an actual Naver login page. If you enter your account information here, the relevant information will be delivered to the hacker.

North Korean hackers have long been carrying out phishing attacks under the names of institutions such as the Ministry of Unification, Korea Internet & Security Agency, and the Korea Institute for National Unification. Recently, the ID of an incumbent police officer who investigates cybercrime was stolen and used in an attack.

Special attention is required as more and more cases are being attempted by hackers using the public trust of public or investigative agencies.

A screenshot of a phishing email impersonating a large domestic portal site. /Photo = Daily NK

In addition, North Korean hackers continue to conduct attacks disguised as large portal sites. This is because it is a widely known attack technique, but the method is still valid.

In fact, an employee of ‘National Unification Broadcasting’, a private North Korean broadcaster, received an email on the 11th stating that ‘Your Naver account is being used illegally’. The sender is ‘ yes | server ‘. Since the name ‘Naver’ could not be used, the sender name was set as ‘Yes|Ber’.

It is a typical phishing attack method that impersonates Naver Customer Center, and as a result of asking an expert for analysis, it was identified as the work of a North Korean hacking organization.

The employee also said ‘Yes | Server ‘, I received an e-mail with the subject ‘Please check the use of the service’. As with the hacked email we received earlier, we used the sender name ‘Yes O|Ber’ and the unique domain ‘co.ko’ for the address.

The hacker persuaded them to press specific buttons in both emails. When you clicked the button, you were connected to a site disguised as a Naver login page. If you enter your account information here, the relevant information will be sent to the hacker.

As such, North Korean hackers are continuously attempting hacking and phishing, so it is necessary to pay special attention to maintaining security. In order to protect security, it is recommended to directly check whether e-mails from acquaintances, experts, work-related persons, public institutions, and investigative agencies are also sent, and do not open e-mails from unknown sources.

Carefully check the e-mail address and even open the e-mail, refrain from executing internal attachments and URLs, and ignore any requests for personal information or account input. In addition, keeping the operating system (OS), various Internet browsers, software, and vaccines up-to-date helps prevent security accidents.

It is also important to pay attention to the icon in front of the mail. A person or a green ‘N’ icon appears on mail sent from large portal sites such as Daum or Naver, and an envelope-shaped icon appears on all mail sent by general users.

Source: DailyNK by

*The article has been translated based on the content of DailyNK by If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!