Hacker groups linked to North Korea are suspected of carrying out cyberattacks by using manipulated email addresses from the South Korean government to steal user information, cybersecurity firm ESTsecurity said Friday.

The security company said it detected a cyberattack Tuesday, when the hackers used a manipulated email address from the Ministry of Unification. On Thursday, the hackers used an address from the state-run Korea Institute for National Unification.

ESTsecurity said it suspects North Korea-linked hacking organizations, such as Thallium and Kimsuky, to be behind the attacks, which manipulated the sender emails to appear as official government addresses.

ESTsecurity did not elaborate on the targets of the latest cyberattacks.

The emails in the attacks included links to documents that appeared to be official government reports.

When users click the links, they would be directed to enter their email passwords, which would then allow hackers to steal the information, according to ESTsecurity.

The cyberattacks are the latest in a series of recent hacking incidents suspected of being carried out by North Korean groups.

Last week, the science ministry acknowledged that a state-run nuclear research institute was the target of a cyberattack last month.

Rep. Ha Tae-keung of the main opposition People Power Party has accused a hacker group associated with a North Korean intelligence agency of being behind the attack.

Source: https://en.yna.co.kr/view/AEN20210625006200320