Emails Impersonating a Defense Counterintelligence Command Martial-Law Document Were the Work of North Korea

2025-04-16 KRNPA Cyber threat report on News, Phishing

https://police.go.kr/user/bbs/BD_selectBbs.do?q_bbsCode=1002&q_bbscttSn=20250416073941062&q_tab=&q_searchKeyTy=&q_searchVal=&q_rowPerPage=10&q_currPage=1&q_sortName=&q_sortOrder=&

Attachments

250416조간용_방첩사_계엄_문건_사칭_전자우편은_북_소행사이버.pdf (506 KB)


South Korea's National Police Agency reported that emails sent in December 2024 impersonating the release of a Defense Counterintelligence Command martial-law document were determined to be North Korean activity. Investigators said the broader campaign sent 126,266 spoofed emails to 17,744 people between November 2024 and January 2025 to steal personal information and account credentials. The targets included people working in unification, security, defense, and foreign affairs, while the infrastructure reused servers linked to prior North Korea-related cases and contained collected information on defectors and military topics. The emails used government-like or acquaintance-like sender addresses and redirected victims to phishing pages that requested portal-site usernames and passwords.

Indicators of Compromise

Type Value First Seen Last Seen
DOMAIN co.kro.kr 2025-04-16 2025-04-16
DOMAIN kakao-auth.com 2025-03-04 2025-04-16
DOMAIN naver-auth.com 2025-03-04 2025-04-16
DOMAIN googlauth.com 2025-03-04 2025-04-16
