
South Korea and the US will kick off the annual Ulchi Freedom Shield drills tomorrow, running through August 31, to counter growing threats from the nuclear-armed North.
Pyongyang views such exercises as rehearsals for an invasion and has repeatedly warned it would take “overwhelming” action in response.
The hackers – believed to be linked to a North Korean group dubbed Kimsuky – carried out “continuous malicious email attacks” on South Korean contractors working at the allies’ combined exercise war simulation centre, the Gyeonggi Nambu Provincial Police Agency said in a statement today.
“Police investigation confirms that North Korean hacking group was responsible for the attack,” it said, adding that military-related information was not stolen.
A joint investigation by the police and the US military found that the IP address used in the latest attack matched one identified in a 2014 hack against South Korea’s nuclear reactor operator blamed on the group, according to the statement.
The Kimsuky hackers use “spearphishing” tactics – sending malicious attachments embedded in emails – to exfiltrate desired information from victims.
According to findings by the US Cybersecurity and Infrastructure Security Agency in 2020, Kimsuky is “most likely tasked by the North Korean regime with a global intelligence gathering mission.”
The group – believed to be active since 2012 – targets individuals and organisations in South Korea, Japan, and the US, focusing on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions, it added.