Cyber Threat Actor: Seo
| Actor Type | Location | Known Incidents |
Criminal
|
South Korea
|
1 incident |
|---|
Profile
Seo is a South Korean individual who operated under the alias Seo and was identified by law enforcement as the primary suspect in a 2014 credential‑theft campaign targeting Naver, the nation’s largest web portal. According to the National Police Agency, Seo purchased the personal data of approximately 25 million users from a Korean‑Chinese source in August 2014, a dataset that included names, resident registration numbers, Internet IDs and passwords. He then used this information to gain unauthorized access to Naver accounts, from which he disseminated spam and illicit emails to the compromised users. The activity generated an illegal profit of roughly 160 million won, equivalent to about $148 000, indicating a financially motivated objective rather than espionage or disruption. The attack affected a broad segment of the South Korean online population, as Naver’s user base encompasses a wide range of civilian and commercial activities across the country. Authorities arrested Seo alongside a self‑taught programmer surnamed Hong, who had developed the automated hacking tools that facilitated the credential stuffing, and indicted three additional accomplices without detention while expanding the investigation to 86 others who had acquired Hong’s software.
The tools employed by Seo and his associates consisted of custom programs that automatically entered stolen IDs and passwords to log into Naver accounts, a technique that enabled large‑scale account takeover without the need for traditional malware families. Once inside the accounts, the actors used the compromised channels to distribute spam and other unsolicited messages, thereby monetizing the access through advertising or affiliate schemes. Naver’s officials stated that the breach originated from external sources and that the company was not at fault, recommending that users change their passwords regularly to limit the impact of any future credential reuse. No public evidence links Seo to a state sponsor or a larger criminal consortium; the attribution rests solely on the identified individuals and their direct roles in the data purchase, tool development, and account abuse. The case remains a notable example of financially driven cybercrime that leveraged readily available personal information and simple automation to achieve substantial illicit gains in South Korea.
