North Korean hacking groups stole defense industry and information technology (IT) know-how along with more than 2 trillion won worth of cryptocurrency from targets at home and abroad, according to a new report.
The National Intelligence Service's National Cyber Security Center said in its recently published "2025 National Cyber Security Center Annual Report" that North Korea used phishing, malware and malicious applications to carry out the thefts. In one case, hackers distributed malicious apps disguised as Kakao security files or document viewer apps through official app stores and email. Once installed, the apps intercepted call records and text messages. The NIS urged users not to download apps through unofficial channels and to stop running any app that requests unnecessary permissions.
The hackers also drained funds from cryptocurrency wallets using phishing and malware, then split the coins into smaller amounts to transfer and launder them. The total value of cryptocurrency and other assets stolen by North Korea from domestic and overseas targets last year exceeded 2 trillion won, the largest amount on record.
Software supply chains used by Korean companies were also targeted. North Korean groups exploited vulnerabilities in three domestic document management solutions to create administrator accounts and extract data. Sensitive information leaked through these breaches ranged from at least 700 to as many as 2.6 million records per product.
