North Korea Hacks South Korean President's Aide's Personal Emails Ahead of UK State Visit

The South Korean president's administration revealed to the BBC that North Korea had compromised the personal emails of one of his aides.

The breach took place prior to President Yoon Suk Yeol's state visit to the UK last November. According to the president's office, a staff member's personal email account was compromised after being used for official work.

North Korea Hackers Breach South Korean President's Office

South Korea Holds Presidential Election — (Photo : Kim Hong-Ji - Pool/Getty Images)
SEOUL, SOUTH KOREA - MARCH 10: South Korean President-elect Yoon Suk-Yeol speaks during a news conference at the National Assembly on March 10, 2022 in Seoul, South Korea. Main opposition candidate Yoon Suk-yeol was elected South Korea's next president.

There has been a scenario where hackers from North Korea managed to breach the South Korean President's office. They were able to obtain sensitive information by exploiting the use of a personal email account for official purposes. Unnamed sources have revealed that sensitive information, including President Yoon's travel itinerary and private messages, was compromised in the breach. However, the exact nature of the leaked information has not been disclosed.

This is the first time that North Korea has been known to have joined the South Korean president's administration. Despite the compromise of individual email accounts being compromised, the presidential office maintains that the overall security system is secure. The breach was caused by an administrator using a commercial email for official duties.

Reports from the UK highlight the increasing sophistication of North Korea's cyber activities, targeting both financial gains and espionage. Subjected to severe international sanctions, Pyongyang's cyber operatives reportedly focus on cryptocurrencies to finance their regime and nuclear ambitions, amassing billions since 2016.

Additionally, under Kim Jong Un's leadership, North Korea is believed to engage in cyber espionage to acquire state secrets, including advanced weapons technology.

The revelation of the breach has sparked shock and concern within South Korea's government circles, particularly regarding President Yoon's security during his visit to London, where he engaged with British dignitaries. The South Korean government reassured the public that the breach was detected before the president's trip, and appropriate measures were taken to address it, according to News18.

South Korean President's Aide's Email Breach

Sources reveal that the aide to the president was using his personal email account for official work when the breach occurred. Among the stolen data were emails sent by President Yoon himself, according to local reports. The hackers also gained access to the president's travel schedule, posing potential risks to his security.

In response, the office of the South Korean President emphasized that the security system of the office was not compromised in the cyberattack. However, this incident marks the first instance of North Korea successfully hacking a member of the South Korean presidential staff.

The primary motivation behind North Korea's cyberattacks appears to be twofold - obtaining valuable information and raising funds for its weapons sector, especially to bolster its nuclear arsenal. Notably, in December 2023, North Korea allegedly stole information on anti-aircraft lasers and other defense technology during a cyberattack on South Korea.

The United Nations has been actively pursuing diplomatic efforts to curb North Korea's nuclear weapons development, imposing sanctions since 2006. Despite these efforts, North Korea has managed to make significant progress in its nuclear weapons sector, with the cyberattacks serving as a means to fund its Weapons of Mass Destruction (WMD) program.

An investigation is going on by the UN into 58 cyberattacks that have been linked to North Korea. These attacks are believed to have generated approximately $3 billion in funds for Kim Jong-un's nuclear weapons program. According to reports, hacking groups associated with the Reconnaissance General Bureau (RGB), North Korea's main foreign intelligence agency, are believed to be behind these cyberattacks. The investigation highlights the persistent difficulties in controlling North Korea's spread of nuclear weapons and the pressing necessity for global collaboration in tackling cybersecurity risks, Knez reported.