The office of South Korean president Yoon Suk Yeol has confirmed that it believes North Korea hacked into the emails of one of its staff members.
The hack of an unidentified member of the presidential staff's personal email account occurred in the run-up to a three-day visit to Europe in November, where Yoon met British Prime Minister Rishi Sunak, King Charles, and French president Emmanuel Macron.
Now, you might be thinking that the hack of a personal email account isn't that bad - after all, there is no indication that the North Korean hackers managed to compromise the official computer systems of the South Korean president's office.
Unfortunately, however, the office has confirmed that the staff member in question had violated security protocols by using the personal email account for official duties.
In other words, he or she had been forwarding sensitive official information to and from his personal email account.
"We detected the case in advance of the visit and took necessary measures," President Yoon's office said in a statement to reporters, emphasising that "it’s not that the presidential office’s security system got hacked."
BBC News reports that local media have quoted a government source as saying that Yoon's trip schedule had been accessed by the hackers, and that messages sent by the president had also been stolen.
It is unclear how precisely the staff member's personal email account was hacked - but my guess is that it may have been something as simple as a carefully-constructed phishing email which duped the unsuspecting aide into handing over their password.
This is believed to be the first time that North Korean hackers have successfully hacked a member of the South Korean president's team. North Korea has had a long history of engaging in cybercrime, using the internet to steal huge amounts of cryptocurrency to fund its nuclear weapons programme, for instance.
According to the South Korean government, the security breach was detected before the president's trip to Europe had begun, and that measures were taken to bolster security. These included raising awareness amongst office workers of cybersecurity issues to ensure similar mistakes did not happen again in future.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsNovember 14, 2024
September 06, 2024