SEOUL: According to Google's Threat Analysis Group, north Korean government-backed hackers used the deadly Halloween crush in Seoul to distribute malware to South Korean users.
The malware was embedded in Microsoft Office documents ostensibly containing a government report on the tragedy that killed more than 150 people after tens of thousands of young revellers crammed into narrow alleyways.
"This incident was widely reported on, and the lure takes advantage of widespread public interest in the accident," the Threat Analysis Group said.
Google attributed the activity to a North Korean hacking group known as APT37 which it said targets South Korean users, North Korean defectors, policymakers, journalists and human rights activists.
Google also said it has not determined what the malware, which exploited an Internet Explorer vulnerability, was intended to achieve. It reported the problem to Microsoft on Oct. 31 after multiple reports from South Korean users on the same day. Microsoft issued a patch on Nov. 8.
A United Nations panel of experts monitoring North Korea's sanctions has accused Pyongyang of evading sanctions by using stolen funds obtained through hacking to support its nuclear and ballistic missile programs.
North Korea does not respond to media inquiries but has previously issued statements denying hacking allegations.
On Thursday, south Korean officials warned businesses against inadvertently hiring North Korean IT personnel.
In May, the US issued a similar warning, claiming that rogue North Korean freelancers were using remote work opportunities to conceal their identities and earn money for Pyongyang.