Kimsuky Hackers Create Phishing Site Mimicking Korea University: Are They Targeting Entire Research Institutions?

2024-07-24, CriminalIP
https://blog.criminalip.io/2024/07/24/kimsuky/
#Phishing #Kimsuky

The North Korean hacking group Kimsuky has sparked controversy by reportedly developing a phishing site disguised as the Korea University portal. Upon investigation, this phishing site was found to be an exact replica of the actual Korea University portal page (original site: https://portal.korea.ac.kr/).

Stolen Information of Korea University Students Transmitted to the Hacker’s Server

An analysis of the HTML revealed that the website is fundamentally built on a Windows server, utilizing the XAMPP framework, which is commonly used by beginners and students. While the basic functionalities of the portal, such as email, course registration, and library services, redirected to the legitimate Korea University portal, the login window was designed to capture credentials. When a user entered their ID and password, the credentials were sent to the hacker in a URI format like username=xxxx&password=yyyy. This is a classic phishing tactic, and the stolen Korea University account information was stored on a specific URI …