Seoul police are investigating a phishing email campaign orchestrated by the North Korean hacking group “Kimsuky,” which impersonated Seoul city officials. The group, known internationally for cyberattacks attributed to North Korea, reportedly sent fraudulent emails to unsuspecting recipients.
On February 13, the Seoul Metropolitan Police Agency’s Cyber Security Division conducted a raid on Seoul City Hall, securing email accounts suspected to have been used by North Korean hackers.
The investigation follows reports that some citizen accounts (@citizen.seoul.kr)—which can be created via the Seoul city website—were compromised and used to distribute phishing emails last month.
The fraudulent emails reportedly contained malware-infected files disguised as an inquiry about the feasibility of holding a remote meeting regarding North Korean defector leaflet distribution. Investigators traced the IP addresses used in the hacking attempt and found them to be identical to those used in previous cybercrimes linked to Kimsuky.
Kimsuky first gained notoriety in 2014 after hacking Korea Hydro & Nuclear Power, leaking nuclear reactor blueprints, and threatening to halt operations. The group has since engaged in multiple cyberattacks, including impersonating South Korea’s National Security Office in 2016 and sending phishing emails under the name of former lawmaker and North Korean defector Thae Yong-ho in 2022.
Due to the nature of phishing emails, where the true origin of the sender is often concealed, authorities are proceeding cautiously. A police official stated, “We cannot immediately conclude that North Korea is responsible solely based on matching IP addresses. We are conducting a detailed analysis of the compromised email accounts.”
Meanwhile, Seoul city officials have issued a public warning regarding the hacking incident, urging citizens not to open emails from unauthorized accounts. The city emphasized that official communications are sent exclusively from @seoul.go.kr accounts and that emails from ‘@citizen.seoul.kr’ are not used for official business. Citizens are advised to delete suspicious emails and attachments immediately without opening them.
BY CHULWOONG KIM, YOUNGNAM KIM [kim.youngnam@koreadaily.com]
![Delivery robots in urban areas including LA Koreatown and Hollywood have been involved in a string of incidents, blocking fire engine responses, crossing police lines at active scenes, and colliding with homes and motorcycles. [KTLA • Reddit capture]](https://www.koreadailyus.com/wp-content/uploads/2026/02/0226-delivery-robot-compile-100x70.jpg "Troublesome delivery robots damage gardens, snarl streets")
![Judy Baca, who faces allegations of embezzling $5 million, participates in work on “The Great Wall of Los Angeles” mural in 2023. [Sangjin Kim, The Korea Daily]](https://www.koreadailyus.com/wp-content/uploads/2026/02/0226-nonprofit-1-100x70.jpg "Nonprofit leaders accused of diverting millions meant for the vulnerable")
![A screenshot of the GoFundMe fundraising page created for Kyung Chang Lee. Donations are being collected to support the family of Lee, who was killed in the San Antonio, Texas, shooting. [GoFundMe capture]](https://www.koreadailyus.com/wp-content/uploads/2026/02/0225-KyungChangLee-100x70.jpg "Family of army veteran killed in San Antonio shooting launches fundraiser")
![Downtown Guadalajara in Mexico’s state of Jalisco, which resembled a war zone on February 22 amid arson and other violence by drug cartel members, appears quiet on February 24. The area, usually crowded with tourists and residents, saw a sharp decline in foot traffic and public transportation use. [Pablo Lemus Navarro/X account]](https://www.koreadailyus.com/wp-content/uploads/2026/02/0225-Mexico-100x70.jpg "Cartel leader’s killing sparks unrest, prompts Koreans to reconsider Mexico trips")
