인터파크_해킹.hwp (250 KB)

South Korean police and a joint government investigation team assessed the Interpark customer-data theft and extortion case as the work of North Korea's Reconnaissance General Bureau. Their attribution cited relay IPs used to send hacking emails or receive commands, malware techniques resembling prior North Korean cyber operations, and North Korean-style wording in the extortion email. The case involved attackers moving beyond infrastructure disruption into theft of personal information and extortion for financial gain, which the government described as a notable change in North Korean cyber tactics. Authorities warned that stolen personal data could enable further hacking or psychological operations and urged rapid reporting of extortion emails or compromise signs. The report matters for DPRK tracking because it frames the Interpark incident as an early example of North Korean cyber operations being used for criminal monetization.