Authorities in South Korea on Thursday said Kim Jong-un’s government compromised the personal data of more than 10 million online shoppers by hacking the website of an internet shopping mall.
North Korea’s General Bureau of Reconnaissance was responsible for breaching the servers of Interpark, a Seoul-based website that generates hundreds of millions of dollars worth of transactions each year, South Korea’s National Police Agency said in a statement.
The General Bureau of Reconnaissance, Pyongyang’s main spy agency, breached the company in May and stole personal data pertaining to more than 10 million shoppers, including their names, email addresses, telephone numbers and other information, the National Police Agency said.
Interpark said it learned July 11 its company had been breached by an “advanced persistent threat attack” and alerted authorities the following day.
“The hackers first gained access to an employee’s computer, and identified email patterns that were familiar to the employee before sending an email that contained the malware [and] opening a back door, which is why the employee was fooled,” a spokesperson told the Korea Herald.
Following an investigation, the National Police Agency said in a statement Thursday that IP addresses involved in the hack as well as the specific language used by the attackers suggests North Korean spies were responsible.
“We are sorry that it has become difficult to arrest a suspect as it has been found to be North Korea’s conduct,” Interpark said in a statement, according to Reuters.
The hackers allegedly offered to sell the stolen data back to Interpark in exchange for virtual cryptocurrency after the breach occurred, the Korea Herald reported.
North Korea was “using computer hacking technology to try to steal our people’s property in a criminal act of earning foreign currency,” the police said, according to the New York Times.
Interpark did not pay the requested ransom, Reuters reported. Nonetheless, the pilfered private information stolen in the hack could still be invaluable to whomever holds it, according to at least one expert.
“By obtaining customers’ personal information, they can hack into other sites and also blackmail the company for money,” Kim Dae-young, a researcher with the Korea Defense and Security Forum, told Arirang News.
South Korean authorities accused Pyongyang last month of hacking more than 140,000 computers across 160 different companies and government agencies south of its border. North Korea has denied wrongdoing, Reuters reported.