North Korean hackers used deadly Seoul crush to lure users

SEOUL Reuters -- North Korean government-backed hackers referenced the deadly Halloween crush in Seoul to distribute malware to users in South Korea, Google's Threat Analysis group said in a report. The malware was embedded in Microsoft Office documents that purported to be a government report on the tragedy that killed more than 150 people after tens of thousands of young revellers crowded into narrow alleyways.

The Threat Analysis Group said that the lure took advantage of widespread public interest in the accident and was widely reported on.

Google attributed the activity to a North Korean hacking group known as APT 37, a group that targets South Korean users, North Korean defectors, policy makers, journalists and human rights activists.

Google has not determined what the malware, which exploited an Internet Explorer vulnerability, was intended to achieve. It reported the problem to Microsoft on October 31 after reports from South Korean users on the same day. Microsoft released a patch on November 8.

A UN panel of experts has accused Pyongyang of using stolen funds gained through hacking to support its nuclear and ballistic missile programmes to circumvent sanctions.

North Korea did not respond to media inquiries, but has previously released statements denying allegations of hacking.

On Thursday, South Korean officials warned businesses not to hire IT staff from North Korea.

In May, the United States issued a similar advisory saying rogue North Korean freelancers were taking advantage of remote work opportunities to hide their true identities and earn money for Pyongyang.