North Korea is anticipated to launch cyber intrusions and large-scale distributed denial-of-service (DDoS) attacks targeting the Asia-Pacific Economic Cooperation (APEC) summit in Gyeongju. Their objective is to steal sensitive information regarding high-level talks, such as the U.S.-South Korea nuclear agreement, or to disrupt critical communication and control services.
The government is implementing a comprehensive strategy to counter these threats, with the National Intelligence Service (NIS) and other security agencies at the forefront of monitoring and preparedness efforts.
Intelligence sources reveal that the NIS established a dedicated APEC cybersecurity task force in April, focusing on potential cyber attacks from North Korea.
With numerous world leaders converging for APEC, the NIS assesses that international terrorist organizations might seize this opportunity to launch widespread attacks. The agency recently released a report titled, 2024 Terrorism Situation and 2025 Outlook, detailing these concerns.
To put this threat into perspective, last year’s APEC organizers in Peru reported thwarting approximately 500,000 cyber attack attempts during the pre-event period alone.
Intelligence analysts have identified several potential attack scenarios by state-sponsored hacking groups. These include the theft of summit materials, disruptions through DDoS attacks, the spreading of misinformation to foment conflict, and the sabotage of transportation and communication infrastructure.
Of particular concern is the potential exploitation of data stolen from South Korean government systems in recent years for sophisticated spear-phishing attacks. Notable breaches include the Ministry of the Interior and Safety’s Onnara System, which was compromised for nearly three years, as well as confirmed data leaks from the Ministry of Foreign Affairs, the Ministry of Oceans and Fisheries, and military networks.
Spear-phishing, a tactic targeting specific individuals within organizations, is a favored method of North Korea’s Reconnaissance General Bureau, particularly through a group known as Kimsuky. Their modus operandi involves sending phishing emails disguised as legitimate requests for cooperation to relevant department employees, tricking them into installing malware that can be used to remotely control servers.
Security experts warn that indirect attacks through private sector participants, such as simultaneous interpreters, must also be factored into defense strategies.
In 2022, reports emerged of North Korean-backed entities manipulating interpretation requests to send hacking emails to numerous interpreters. Given that interpreters frequently participate in international conferences and government events, compromising their accounts could provide access to key individuals or serve as a pathway for deeper infiltration.
DDoS attacks remain a significant threat, as demonstrated during the 2022 St. Petersburg International Economic Forum, where such an attack delayed President Vladimir Putin’s speech by nearly an hour.
To bolster defenses, the NIS has reportedly conducted mock hacking and DDoS attack drills targeting the main APEC website and other critical online services. Additionally, comprehensive security audits have been performed on the computer networks at the Gyeongju Hwabaek International Convention Center (HICO) and the surrounding internet and closed-circuit television (CCTV) systems.
A senior security analyst explained that while the Ministry of Foreign Affairs is overseeing APEC preparations, specialized teams from relevant agencies will be deployed. A joint task force for cybersecurity and counterterrorism is being formed, with coordinated efforts expected from the Ministry of Science and Information and Communication Technology (ICT), NIS, and the Financial Services Commission.
Professor Hong Jun-ho from Sungshin Women’s University’s Department of Convergence Security Engineering emphasized that this event involves not only government officials but also a wide range of private sector practitioners. It is crucial to provide comprehensive security awareness training to ensure all participants adhere to basic security protocols on the front lines.
