In December last year, the personal information of nearly 1,000 defectors from North Korea was stolen by hackers working for Kim Jong Un’s regime.
The data was taken from a database belonging to South Korea’s resettlement agency via a computer infected with malicious software at the Hana center in the southern city of Gumi, Reuters reported. The Hana center is one of 25 institutes that help some 32,000 North Korean defectors adapt to a new life in the South, offering jobs, medical aid, and more.
Months before news of the hack emerged, cybersecurity company McAfee warned that North Korean hackers, known as “Sun Team,” were actively using malware on mobile phones to spy on Android devices used by defectors.
The malware is spread through social media networks, including Facebook, and used to steal personal information such as photos, contact lists, text messages, and more. Around 100 victims were targeted via the Google Play store.
Some of that information was then used to create fake social media accounts by stealing the victims’ identities. The campaign was dubbed “Red Dawn” by McAfee. It was the second Sun Team operation targeting defectors that McAfee had uncovered in 2018.