North Korea-linked actors breached the emails of a Presidential Office member

The office of South Korean President Yoon Suk Yeol said that North Korea-linked actors breached the personal emails of one of his staff members.

The office of South Korean President Yoon Suk Yeol announced a security incident involving the compromise of personal emails belonging to a member of the presidential staff. The government attributes the security breach to North Korean threat actors. The attackers had access to the personal emails of the staff member ahead of Yoon’s trip to Europe in November 2023.

The office of the South Korean President explained that the compromise of the account occurred due to the staff member utilizing commercial email services for official responsibilities.

At this time it’s unclear which kind of information was exposed, however, Yoon’s office pointed out that threat actors did compromise the overall office’s security system.

“We detected the case in advance of (Yoon’s) visit and took necessary measures,” Yoon’s office said in a statement to reporters, according to the Associated Press. The office said it has been monitoring and defending against “constant” hacking attempts presumed to be related to North Korea but “it’s not that the presidential office’s security system got hacked.”

South Korea is a privileged target of cyber espionage operations carried out by North Korea-linked APT groups.

North Korea-linked APT groups are also known to be focused on attacks against crypto exchange and financial organizations in South Korea.

Recently, a U.N. panel of experts announced an investigation into 58 suspected North Korean cyberattacks between 2017 and 2023 valued at approximately $3 billion.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, North Korea)