Cyber Threat Actor: Hong
| Actor Type | Location | Known Incidents |
Criminal
|
South Korea
|
1 incident |
|---|
Profile
Hong is a threat actor known by the aliasHong and is believed to operate from South Korea. The actor came to public attention through a 2014 cyberattack on South Korea’s largest web portal, in which personal data belonging to approximately 25 million users—including names, national identification numbers, login credentials and passwords—was compromised. The primary suspect in this incident acquired the stolen data from a third party and then employed automated hacking tools created by an accomplice to gain unauthorized access to user accounts. Using those compromised accounts, the actor disseminated spam and illicit emails, an activity that generated roughly $148 000 in illegal profits. Law‑enforcement authorities subsequently arrested the two central figures—the individual who purchased the data and the developer of the hacking tools—along with three additional accomplices, and expanded investigations to 86 other persons who had obtained the malicious software. The affected company acknowledged that the breach originated externally, denied any systemic security failure, and advised users to rotate their passwords as a precautionary measure.
The actor’s typical targeting appears focused on large South Korean online services, with the demonstrated objective of financial gain through the monetization of stolen credentials via spam campaigns. The observed tactics, techniques and procedures include the acquisition of personal data from underground markets, the use of custom or commissioned automated hacking tools for credential stuffing or account takeover, and the leveraging of compromised accounts to distribute unwanted email content. No public attribution to a state sponsor or a formally declared criminal consortium has been made; the actor is described as an individual or small group operating within South Korea’s cybercrime landscape. The 2014 portal breach and subsequent spam operation remain the most prominently reported campaign associated with Hong, illustrating a clear link between data procurement, tooling, and profit‑driven abuse of compromised accounts.
