South Korea

FBI 떠나도 북한 해커 추적한 美 요원…"1급 군사비밀만큼 중요"

Hankyung | Local Language | News | Nov. 21, 2025 | North Korea

Former FBI agent Eric Keo pursued North Korean hackers for four years, focusing on a hacker known as "Hades," affiliated with the North Korean group Andariel under the Reconnaissance General Bureau. Despite leaving the FBI in 2023, Keo continued the investigation due to the serious threat posed by these hackers to hospital security systems, which he viewed as critically important, likening them to "top military secrets."

On May 4, 2021, Hades launched a ransomware attack on a hospital in Kansas, paralyzing its networks and diagnostic equipment, including a sleep lab. The attackers demanded two bitcoins, worth approximately $100,000, threatening to increase the ransom to $200,000 if unpaid within 48 hours. The hospital complied, transferring the bitcoins, which were subsequently withdrawn from ATMs near Dandong, China. Although Rim Jong-hyuk was identified as the group leader and publicly named, Hades remained known only as "Co-conspirator 1."

Keo adopted a covert approach by posing as an operator of a "cryptocurrency casino" to engage with North Korean hackers and gather intelligence. He identified a suspect he believes to be Hades, based on social media usage, phone number links, and the suspect’s own claims of developing ransomware and significant illicit earnings. Experts warn that North Korean hackers often disguise themselves as IT personnel within U.S. companies to gain access for criminal activities beyond simple intrusions.

Keo plans to present the evidence he has collected at a conference in Washington D.C. on November 20, highlighting the ongoing risks posed by North Korean cyber operations targeting critical infrastructure.

Joongang Ilbo | English | News | Nov. 21, 2025 | UndeterminedEmployment

A government investigation in South Korea has revealed widespread labor abuses against foreign workers, with 93 percent of inspected workplaces violating labor laws. The Ministry of Employment and Labor conducted two rounds of inspections in April and September 2025 at 196 workplaces vulnerable to worker mistreatment, uncovering 846 breaches across 182 workplaces. Common violations included unpaid wages at 123 sites, excessive working hours at 65, failure to provide breaks or holidays at 22, and assault or discriminatory treatment at 10.

Unpaid wages amounted to 1.7 billion won ($1.16 million), with 103 of the 123 workplaces repaying 1.27 billion won. Serious cases led to criminal charges, such as an assault case in South Chungcheong and wage evasion in Gangwon. Additional violations included failure to enroll foreign workers in mandatory insurance and inadequate dormitory facilities. Three workplaces hiring foreign workers without permits faced restrictions on future employment authorizations.

The ministry issued 844 corrective orders and plans to conduct further inspections, particularly targeting repeat offenders. Findings will be shared with key stakeholders to promote voluntary improvements in labor conditions. Labor Minister Kim Young-hoon emphasized that there should be no distinction between Korean and foreign workers in labor rights protection and committed to establishing an integrated support system for foreign workers.

전세계 랜섬웨어 '기승'…한국, 상위 20위 미포함

ZD Net Korea | Local Language | News | Nov. 21, 2025 | Cyber Attacks and Data Loss

Ransomware attacks targeting companies and institutions worldwide have surged in 2025, with the number of incidents from January to October exceeding last year’s total. As of November 19, the global ransomware attacks reached nearly 7,000, marking an all-time high. The United States experienced the most attacks at 2,957 cases, followed by Canada and Germany, while South Korea was not in the top 20 countries but recorded 34 publicly disclosed incidents.

In South Korea, the actual number of ransomware cases appears higher, with 82 incidents reported in the first half of 2025 by the Korea Internet & Security Agency (KISA). The ransomware groups Qilin, Akira, and Gunra have been particularly active domestically, targeting asset management firms, subsidiaries of major companies, and various industrial firms. Notably, Gunra emerged this year with significant attacks on domestic companies, while Akira, usually not focused on Korea, recently targeted Korean firms’ overseas branches like LG Energy Solution.

Experts emphasize the risk posed by overseas branches or partners with weaker security, as these are often entry points for ransomware attacks. The need for heightened vigilance is underscored by the expanding scope of attacks, including those aimed at critical institutions such as the Hanmaeum Blood Center. Cybersecurity authorities closely monitor these threats, as evidenced by cooperative actions like forwarding attack data to the U.S. CISA.