• As per South Korea's spy agency, the North Korean phishing portal is replicating the sign-in page of Naver
  • Naver is South Korea's largest online portal and search engine
  • The NIS said the agency was taking necessary action to safeguard the users' details

Seoul's spy agency National Intelligence Service (NIS) has alleged that North Korea is engaged in a cyber espionage campaign aimed at stealing the personal data of South Koreans.

The NIS stated North Korea was operating a phishing website that replicated South Korea's largest online portal and search engine, Naver, in real time. This website was designed to trick users into revealing their personal information, according to Reuters.

The NIS has issued a warning to the public, urging them to exercise caution and remain vigilant regarding web addresses to protect themselves from falling victim to such cyberattacks.

In a press release, the spy agency stated that North Korea has been making efforts to acquire user data through multiple counterfeit Naver websites. These deceptive websites are designed to appear as legitimate Naver platforms, but are operated by malicious actors from North Korea.

The National Intelligence Service emphasized the need for heightened caution among internet users to avoid falling prey to these fraudulent websites.

"If the domain address is not the legitimate Naver access domain ― ― such as, please immediately stop accessing it," the NIS said in the release, Wion reported.

As per the NIS' findings, the North Korean phishing portal is replicating the sign-in page of Naver. By creating counterfeit login pages that closely resemble the authentic Naver sign-in page, the intention is to trick South Korean users into entering their login credentials. Once users unknowingly provide their usernames and passwords, the people behind the fake website gain unauthorized access to their genuine Naver accounts.

The recent counterfeit websites created by North Korea have advanced capabilities that enable them to mirror real-time content from Naver, including news, ad banners, finance information, and other data displayed on the Naver homepage.

"Their cyberattack techniques have evolved to improve the possibility of stealing personal information," an official at the NIS said, according to Reuters.

In an effort to safeguard citizens, NIS has shared pertinent information with the government, public institutions, and the Korea Internet & Security Agency. These organizations have taken swift action to implement measures aimed at blocking access to phishing sites.

Representational Image Image by Pexels from Pixabay

To track the North Korean phishing sites effectively, the NIS is actively cooperating with international agencies by sharing relevant information as the servers are located overseas.

"Entering the website address directly or utilizing the bookmark function are safer ways of using web portals," the NIS official said. "North Korea's cyberattack techniques are becoming increasingly sophisticated, so the public should pay greater attention to their cybersecurity."

Naver also released a statement saying: "We urge users to check if the address is the right one and pay extra attention when accessing Naver," Wion reported.