lazarusholic


Web Page Disguised as a Kakao Login Page

2023-01-10, Ahnlab
https://asec.ahnlab.com/en/45437/
#Phishing

Contents

The ASEC analysis team recently identified a fake Kakao login page attempting to gain access to the account credentials of specific individuals. The specific route through which users first arrive on these pages is unknown, but it is assumed that users were led to log in on a web page linked from phishing emails.
When the user arrives on the web page, the ID of the Kakao account is autocompleted, as shown in Figure 1 below. The page is made to look identical to the original format of the Kakao login page (Figure 2), where users who have a Kakao email address can log in by entering just their email ID.
Based on the ASEC analysis team's continuous monitoring of North Korea-related activities, we can consider the possibility, judging by the characteristics of their original formats, that the affected IDs were used in ‘kakao.com’ or ‘hanmail.net’ accounts. As such, …

IoC

http://accountskakao.koreawus.com
http://accountskakao.pnbbio.com
https://accounts.kakao.com