[Darkpedia] Cyber-attacks in Korea, what is happening in Dark Web?

Author: Jaehak Oh, Sunhyung Shim | S2W DIA


Darkpedia

Delivers information on major events happening worldwide.
Focuses primarily on how each event has affected Dark Web users and trends.

Summary

  • Cyber-attacks related to South Korea have been increasing in 2021.
  • Leakage of Personal Information (PI) accounts for the majority of these attacks; more sensitive data, such as privacy footage from wall-pad (apartment intercom) devices, is found sporadically.
  • Most attacks on Korean targets hit websites and platforms with weak security. Establishing even a basic level of security would be expected to prevent a significant share of them.

Content related to cyber-attacks in Korea on the Dark Web has been increasing this year

→ In particular, the rate of increase has accelerated in the second half of the year (excluding August).

[Appendix] Correlation between Cyber-attacks and the volume of Korean Dark web users

→ The number of Korean Dark Web users has increased slightly since the beginning of 2021, but the correlation with the number of cyber-attacks was not significant.

In particular, posts leaking or selling the PI of Korean users account for more than half of the cyber-attacks

→ Beyond leaks of ordinary users' IDs and passwords, a number of attacks leak data ranging from corporate and government-agency account information to personal privacy details.

[PI] Account & Password leak

→ At least one or two leaks of ID and password combinations ('combolists', 'dumps') are sighted every week; the majority come from websites with weak security, such as e-commerce platforms or small and medium-sized firms.

Leaked ID and password combinations can be abused for account hacking (including credential stuffing against other services where the same password was reused) or identity theft.
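The abuse described above leaves a recognizable trace on the victim service: one source replaying a combolist touches many different accounts in a short time, whereas a user who has forgotten a password hammers a single account. The following is an added example (not code from the S2W post) of detection logic for that pattern run over a few constructed authentication log lines; the log format, the 5-minute window, the 5-account threshold and the sample IPs and accounts are all assumptions chosen for illustration.

```python
"""Credential-stuffing detector over web-server authentication logs.

Added example, not code from the S2W post. The log format, thresholds and
the sample lines below are constructed assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed log format: ISO timestamp, client IP, account, result.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample: one IP cycling through many accounts (a combolist
# replay, with one hit), and one legitimate user mistyping a password.
SAMPLE_LOG = """\
2021-12-01T10:00:01 ip=203.0.113.7 user=alice@example.com result=FAIL
2021-12-01T10:00:02 ip=203.0.113.7 user=bob@example.com result=FAIL
2021-12-01T10:00:02 ip=203.0.113.7 user=carol@example.com result=FAIL
2021-12-01T10:00:03 ip=203.0.113.7 user=dave@example.com result=OK
2021-12-01T10:00:04 ip=203.0.113.7 user=erin@example.com result=FAIL
2021-12-01T10:00:05 ip=203.0.113.7 user=frank@example.com result=FAIL
2021-12-01T10:00:10 ip=198.51.100.9 user=grace@example.com result=FAIL
2021-12-01T10:00:15 ip=198.51.100.9 user=grace@example.com result=FAIL
2021-12-01T10:00:20 ip=198.51.100.9 user=grace@example.com result=OK
"""


def parse_log(text):
    """Parse log lines into dicts; lines that don't match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ip": m["ip"],
            "user": m["user"],
            "ok": m["result"] == "OK",
        })
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_accounts=5):
    """Flag source IPs that try at least `min_accounts` distinct accounts
    within `window`. Distinct-account fan-out is the signal; failed-attempt
    counts alone would also catch a single forgetful user.

    Returns {ip: {"accounts": n, "successes": [accounts that logged in OK]}}
    for the widest-fan-out window seen per IP. The successes are the
    accounts that need a forced password reset and session revocation.
    """
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["ip"]].append(e)

    alerts = {}
    for ip, evs in by_ip.items():
        best = None
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits in `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            users = {e["user"] for e in span}
            if len(users) >= min_accounts and (best is None or len(users) > best["accounts"]):
                best = {
                    "accounts": len(users),
                    "successes": sorted({e["user"] for e in span if e["ok"]}),
                }
        if best:
            alerts[ip] = best
    return alerts


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {info['accounts']} accounts tried, compromised: {info['successes']}")
```

In production the same logic should key on more than the source IP (stuffing tools rotate through proxies), for example on a user-agent plus ASN or on the request fingerprint, and the threshold should be tuned against normal login fan-out for the site.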

[PI] Corporate & Gov. Agency’s account info leak

→ The majority of leaked personal information is shared free of charge rather than sold, because the information it contains tends not to be critical; however, some data includes account information from government agencies or large companies, which poses a risk of secondary abuse.

[PI] Privacy Information leakage


This type of leak aims to expose private life rather than to enable account hacking or identity theft, but because the victim's face and private moments are exposed as-is, it can cause greater psychological harm.

[Appendix] IoT Device data leakage

→ As IoT device usage grows, attacks targeting devices in Korean homes are sighted frequently; despite the sensitivity of the data these devices hold, leaks are easy because of their low security level.

[PI] Combination leak of Users’ Account & Private information

→ By combining account credentials with private information, attackers use the data for voice phishing or to threaten individuals directly.

Attackers extort the affected companies or agencies and at the same time approach individuals, threatening to spread their private information.

[Crypto] Leakage of Crypto Exchange platform information and Data

→ Attacks targeting small and medium-sized exchanges with weak security occur more than once a month.

Posts mainly share the personal information of users of small and medium-sized exchanges or the account information of owners of large wallets (left). Large exchanges are also targeted, and posts selling the source code of cryptocurrencies are found as well (right).

[Corporate] Corporate website hack / Leak of internal documents

→ Cyber-attacks targeting the websites of Korean small and medium-sized firms have increased recently.

[Corporate] ‘Zerocool888’, a professional hacker targeting Korean firms

→ Since November 2021, ‘zerocool888’ has been prolific, sharing and leaking information belonging to Korean firms.

List of ‘zerocool888’ posts on Raidforums since November 2021. The number of posts increases over time.

[Corporate] ‘Zerocool888’, a professional hacker targeting Korean firms (cont.)

→ The hacker occasionally runs direct attacks against corporate websites, but also deliberately searches for Korea-related data that was leaked in the past.
→ The hacker then re-posts that data on the hacking forum as if he or she had extracted it.

The past data and the recent data (posted by ‘zerocool888’) match exactly.
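Recycled dumps of the kind described here, and the weekly combolists mentioned earlier in the post, can be checked mechanically rather than by eye: normalize both files, hash each credential pair, and measure how much of the "new" post already existed in the old leak. The following is an added example (not code from the S2W post or from S2W's analysis tooling); the two dumps, the separator handling and the 80% "repost" threshold are constructed assumptions for illustration.

```python
"""Check whether a 'new' credential dump is a repost of older leaked data.

Added example, not code from the S2W post. The dump contents and the
repost threshold below are constructed assumptions for illustration.
"""
import hashlib
import re

# Combolists circulate as 'email:password', 'email;password' or tab/pipe
# separated lines, often with blank lines, BOMs and stray whitespace.
# Normalize before hashing so trivial reformatting by a reposter does
# not hide the overlap.
SEP_RE = re.compile(r"[:;|\t]")


def parse_combolist(text):
    """Return a set of (email, password) tuples. The e-mail is lower-cased;
    the password is left untouched because passwords are case-sensitive."""
    records = set()
    for line in text.splitlines():
        line = line.lstrip("\ufeff").strip()
        if not line or line.startswith("#"):
            continue
        # maxsplit=1 keeps a password that itself contains ':' intact.
        parts = SEP_RE.split(line, maxsplit=1)
        if len(parts) != 2 or "@" not in parts[0]:
            continue  # not a credential pair; ignore headers and noise
        records.add((parts[0].strip().lower(), parts[1]))
    return records


def fingerprint(records):
    """Hash each record (SHA-256 over 'email\\x00password') so dumps can be
    compared or retained without keeping plaintext passwords around."""
    return {hashlib.sha256(f"{e}\x00{p}".encode()).hexdigest() for e, p in records}


def overlap_report(old_text, new_text, repost_threshold=0.8):
    """Compare a previously seen dump with a newly posted one.

    Returns the number of records in the new post, how many already
    existed in the old dump, the ratio, and whether the post crosses
    the (assumed) repost threshold.
    """
    old = fingerprint(parse_combolist(old_text))
    new = fingerprint(parse_combolist(new_text))
    if not new:
        return {"new_records": 0, "recycled": 0, "ratio": 0.0, "is_repost": False}
    shared = len(old & new)
    ratio = shared / len(new)
    return {
        "new_records": len(new),
        "recycled": shared,
        "ratio": round(ratio, 3),
        "is_repost": ratio >= repost_threshold,
    }


# Constructed sample: an "old" dump and a "new" post that carries the same
# data with different separators and e-mail casing, plus one new record.
OLD_DUMP = """\
user1@example.com:pass123
User2@Example.com:qwerty
user3@example.com:letmein
user4@example.com:hunter2
user5@example.com:pa:ss
"""
NEW_POST = """\
# fresh leak, 2021-12
user1@example.com;pass123
user2@example.com;qwerty
user3@example.com;letmein
user4@example.com;hunter2
user5@example.com;pa:ss
user6@example.com;newone
"""

if __name__ == "__main__":
    print(overlap_report(OLD_DUMP, NEW_POST))
```

Hashing the pairs matters beyond hygiene: a threat-intel team can keep fingerprints of every dump it has processed and answer "have we seen this before?" for each new post without storing plaintext credentials. The separator list and the `"@" in email` sanity check are deliberately loose; a real pipeline would also canonicalize Unicode and strip trailing `\r`.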

[Darkpedia] Cyber-attacks in Korea, what is happening in Dark Web? was originally published in S2W BLOG on Medium, where people are continuing the conversation by highlighting and responding to this story.
