Suspected North Korean hackers have targeted a joint exercise by the US and South Korean military, trying to steal classified data from their police agency.

The attack was stopped and no data was stolen. South Korean police linked the attempt to Kimsuky, a North Korean hacking group that specialises in spear-phishing campaigns. The aim was to disrupt the drill, which is intended to improve South Korea’s ability to respond to North Korea’s nuclear and missile threats.

Disrupting the Military Drill

According to the Gyeonggi Nambu Provincial Police Agency, suspected North Korean hackers targeted a joint US-South Korea military drill this week, trying to steal sensitive data about the campaign.

The South Korean police and the U.S. military conducted a joint investigation into the incident. They found the IP address used in the hacking attempt matched one identified in a 2014 hack against South Korea’s nuclear reactor operator. Eventually, they linked the threat actor to Kimsuky, a North Korean hacking group specialising in “spear-phishing” emails.

Spear phishing is aimed at selected targets and tries to steal sensitive information by convincing them to give up passwords or to click attachments or links that load malware. This technique is used in high-level attacks and is not always aimed at financial gain.

No data has been compromised in the incident. The targeted drill is the 11-day Ulchi Freedom Guardian summer exercise, which is meant to improve the South Korean army’s ability to respond to North Korea’s evolving nuclear and missile threats. North Korea objects to such exercises, considering them a potential invasion attempt, and so tries to disrupt them.

Though North Korea has previously denied any role in such cyberattacks, all the cyber evidence links the attempts to its APTs, which often engage in data and cryptocurrency-stealing campaigns to fuel the nation’s growth.