
North Korean cyberattackers infiltrate Ukraine

Updated: 2 days ago

In the midst of the conflict between Ukraine and Russia, increasing activity by a North Korean-sponsored cybercrime group has been detected. This collective, known for its interest in obtaining political and strategic information, has targeted Ukrainian government institutions, using social engineering methods to obtain credentials and spread malware.


The attacks have focused on phishing campaigns, i.e. fraudulent emails pretending to come from trustworthy figures, such as members of research centers or think tanks.


To deceive their victims, these messages included relevant topics related to the political situation in Ukraine, which increased their credibility.


Techniques used to infiltrate systems


A recurring technique used by the attackers was to send files with extensions such as HTML and CHM, which executed commands via PowerShell. In some cases, the emails included links to file storage platforms, such as MEGA, from where password-protected compressed files were downloaded.


Opening them started an infection chain designed to thoroughly scan the affected computer.

In addition to distributing malware, the group also attempted to obtain credentials via spoofed messages purporting to be Microsoft security alerts. These emails, sent from encrypted email services, warned of suspicious logins and invited victims to click on malicious links.
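For mail administrators, the three lures described above (HTML or CHM attachments, links to MEGA, and Microsoft-themed alerts sent from non-Microsoft addresses) can be checked for on inbound mail. The following triage sketch is an added example, not code from the campaign or from Cyberpeace; the domain lists, the function names and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed lists for this sketch; tune them to your own environment.
RISKY_EXT = (".chm", ".html", ".htm")      # attachment types named in the article
FILE_SHARE_HOSTS = ("mega.nz", "mega.io")  # MEGA download links
MS_DOMAINS = ("microsoft.com",)            # senders allowed to use Microsoft branding
URL_HOST = re.compile(r"https?://([^/\s\"'>]+)", re.I)

def host_matches(host, domains):
    host = host.lower().split(":")[0]
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return a sorted list of findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = set()
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    branding = (display + " " + msg.get("Subject", "")).lower()
    if "microsoft" in branding and not host_matches(sender_domain, MS_DOMAINS):
        findings.add("microsoft-themed mail from non-Microsoft sender")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.add("HTML/CHM attachment: " + name)
        if part.get_content_maintype() == "text":
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            for host in URL_HOST.findall(body):
                if host_matches(host, FILE_SHARE_HOSTS):
                    findings.add("link to file-sharing host: " + host.lower())
    return sorted(findings)

def sample_message():
    """Constructed sample combining the lures the article describes."""
    m = EmailMessage()
    m["From"] = "Microsoft Account Team <alerts@mail.example>"
    m["Subject"] = "Unusual sign-in activity"
    m.set_content("Review the report: https://mega.nz/file/EXAMPLE")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="Analysis.chm")
    return m.as_string()

if __name__ == "__main__":
    for finding in triage(sample_message()):
        print(finding)
```

A hit on any single rule is a reason to quarantine and review, not proof of compromise; legitimate mail can also carry HTML attachments or MEGA links.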


North Korean cyberattacks: a global risk


The strategy points to a deeper motivation: obtaining political and strategic information to anticipate moves in the conflict. The actions suggest that North Korea seeks to understand the environment and the possible scenarios that could affect its participation in the war, considering its alleged commitment to Russia.


Although this operation takes place in the context of the war in Eastern Europe, Mexico can take it as a warning.


Mexican government institutions are also exposed to phishing campaigns, credential theft and international espionage.

This case highlights the importance of strengthening national cybersecurity and being prepared for actors with geopolitical objectives.


The case of North Korean cyberattacks in Ukraine is evidence of how modern armed conflicts are no longer fought only on battlefields, but also in cyberspace.


At Cyberpeace, we recommend staying informed about cybersecurity issues and other digital threats. Prevention and knowledge are your best allies to protect your online identity. Interested in learning more about cybersecurity and digital privacy? Follow our networks and stay informed.



Cyberpeace Copyright © 2025 - All rights reserved.

TLP:WHITE
