Volexity, a cyber security company based in the US, recently reported through a blog post that it had observed malicious code on Daily NK’s website from “at least late March 2021 until early June 2021.”
Daily NK discovered signs of what the cyber security company had found in late 2020. Following the discovery, Daily NK worked with a South Korean cyber security company, the organization’s server management company, and a cyber security-related government agency to respond to the security threat, and has continued to monitor any additional threats to the website.
Daily NK has also continued to track the source of the cyber attack. The malicious code mentioned in the Volexity report was deleted, and the organization has taken steps to prevent a repeat of the attack through the use of anti-virus software. Daily NK strongly believes that neither the organization’s staff nor the website’s readers have been impacted by the malicious code attack.
Daily NK has been the target of cyber attacks from suspected North Korean hackers since its founding.
The organization continues to monitor the ongoing North Korean cyber threat in cooperation with cyber security-focused organizations. Daily NK has taken immediate steps to work with these organizations when cyber security-related issues arise. The organization’s discovery of the malicious code and its quick moves to take action against the threat are part of these broader efforts.
Daily NK chose not to reveal publicly the malicious code attack on its website as part of efforts to track the hacker or hackers in question and to better understand their route of attack.
Along with relevant cyber security-related organizations, Daily NK quietly moved to track the source of the attack upon discovery of the threat. The results of this investigation found that the cyber attack originated from a North Korean hacking organization. The route of attack the hacking group used, however, is still under investigation.
Daily NK chose not to publicize the cyber attack because the hacking group focused its efforts on Daily NK staff, not ordinary readers of the website.
Based on analysis from cyber security organizations and experts, Daily NK found that the cyber attack was aimed at stealing information from Daily NK staff accounts, and was not aimed at random users of the website. The hacking group’s modus operandi has been to insert and then delete malicious code on the website. If the hacking group had focused on conducting random cyber attacks on ordinary users, malicious code would have remained on the website.
Moreover, the hacking group focused its efforts on specific Internet protocol (IP) addresses and Daily NK staff members who access the administrative page of the Daily NK website. The only people with access to the webpage where the malicious code was inserted are Daily NK staff. Furthermore, the IP addresses targeted by the hackers were found to be those used by Daily NK’s office and the houses of journalists.
As the Volexity report stated, the malicious code attack impacted website users who use Internet Explorer (IE) and Legacy Edge browsers. Daily NK journalists, for their part, have refrained from using either browser for at least two to three years, and continue to receive training on how to best prevent cyber attacks. All Daily NK journalists use two-factor authentication on their web-based accounts, which allowed the organization to prevent any leakage of information due to the recent malicious code attack.
Daily NK’s server does not store any sensitive information. The server is devoid of any information about ordinary website users or Daily NK’s sources in North Korea and elsewhere. An analysis conducted by Daily NK’s server management company found no records of large amounts of data being downloaded from the server. This provides further evidence that information about Daily NK staff and its readers has not been leaked to the hacking group.
Concerns have been raised in some quarters that ordinary users of the Daily NK website may have been compromised by the malicious code attack. This recent cyber attack, however, was not aimed at ordinary users, but was instead focused on obtaining information about Daily NK staff and Daily NK sources.
Some users of Internet Explorer, however, may have been vulnerable to the hacking group’s malicious code attack. Users with properly installed anti-virus programs on their devices will have mitigated the attack. There is a high likelihood that users employing anti-virus software while surfing the website with fully updated browsers were not impacted by the malicious code. All users of the website who used browsers other than the un-updated versions of Internet Explorer and Legacy Edge browsers specified in the Volexity blog post were not impacted by the malicious code attack.
Daily NK understands that North Korean hackers tend to conduct attacks that exploit the vulnerabilities of Internet Explorer. Microsoft, the developer of the browser, halted all support for the product on Aug. 17, 2021. The use of a browser other than Internet Explorer is recommended for security reasons when visiting Daily NK’s website, along with all other websites on the Internet. Microsoft also ended its support for Legacy Edge in March of this year and is recommending Internet users turn to the company’s new Microsoft Edge, which is based on Chromium.
Daily NK continues to face attacks by North Korean hackers. The organization is working with relevant cyber security organizations to monitor for threats, regularly conducts cyber security training for its staff, and continuously monitors its website for cyber threats. While not all cyber attacks can be fully prevented, Daily NK is making all efforts possible to ensure users of the website stay safe from malicious code and other cyber attacks.