SEOUL—Russian and Chinese hackers have targeted South Korean entities, likely government groups, ahead of next week’s U.S.-North Korea summit, a cybersecurity researcher says.
The cyberattacks were carried out as recently as early May by groups with a record of targeting foreign ministries and financial institutions, according to a U.S. cybersecurity firm.
FireEye is investigating which specific entities were targeted and to what extent the attacks were successful. But the hacking efforts illustrate how South Korea remains a high-profile target for a range of digital assaults as Seoul balances its status as a U.S. ally with its efforts to engage with the North Korean regime.
The country is also fending off an escalation in cyberattacks from North Korea, even after the two countries agreed to pursue a peace treaty at an April 27 summit, The Wall Street Journal reported last month.
South Korea’s presidential Blue House said it had yet to receive any reports from government agencies about the hacks.
FireEye has described Turla as a state-sponsored outfit, while TempTick has carried out activity consistent with government sponsorship.
The Chinese government has said its law doesn’t tolerate computer hacking in any form and that it would punish those engaged in illegal behavior, adding that the country is one of the world’s biggest victims of cyberattacks. Russia has denied involvement in major hacks linked to the country.
The identified malware in some cases hadn’t surfaced in years, said Mr. Read, who leads FireEye’s cyber-espionage analysis team. “It’s not like we saw these guys in December, November or October. We don’t see these things every single month,” Mr. Read said. “This suggests a ramp-up.” He expects the pace to continue increasing before the June 12 summit.
China-based TempTick, which has been around since at least 2009, has traditionally focused on South Korea and Japan, hitting financial institutions and government entities including aerospace. Turla, the Russian group, is a sophisticated hacking operation that has long sought high-level, diplomatic intelligence.
FireEye researchers also identified attacks in March by a second Chinese group, called Tonto, in which it distributed malicious files in a fake posting for a job with the South Korean coast guard. The Tonto group, which FireEye describes as state-sponsored, had been connected to attacks last year on South Korean entities involved in the deployment of a U.S. missile-defense system that has irked Beijing.
Write to Timothy W. Martin at [email protected]