Pro-Russian hacking group paralyzes website of North Korea’s airline

The ‘Server Killers’ said it targeted Air Koryo’s website last week ‘just for fun’ and to test the carrier’s ‘mediocre’ security.
By Han Dukin for RFA Korean
Pro-Russian hacking group paralyzes website of North Korea’s airline Screenshot of an April 9, 2024, Telegram post by the hacking group “Server Killers” announcing the successful website hacking of North Korean airline Air Koryo.
(Server Killers via Telegram)

A pro-Russian hacking group said it attacked and paralyzed the website of North Korea’s state-owned Air Koryo and later posted a mocking message on the Telegram messaging app about the airline’s inadequate cybersecurity standards.

The “Server Killers” targeted the flag carrier’s website on April 9 using a denial-of-service attack, or DDoS. They then posted a screenshot of Air Koryo’s website that showed the standard “HTTP Error 500” message that users see when a website isn’t accessible.

The group also posted a message that said “North Korea, where is security,” along with a smiling face emoticon on Telegram. – an online tool for checking the availability of websites, servers, hosts and IP addresses – showed that Air Koryo’s website couldn’t be accessed for a period of time on April 9. The website was accessible on Monday. 

In a response to a message sent on Telegram privately by Radio Free Asia, the “Server Killers” account said that North Korean websites tend to have mediocre security.

Screenshot of the website of North Korean airline Air Koryo as it normally looks. (RFA)

The reason for hacking the Air Koryo website was “for technical reasons, not political or social purposes,” a messenger who asked for anonymity said. 

“Server Killers” doesn’t understand why North Korea won’t “pay much attention to security” on its government sites, the messenger said. 

‘We attacked it just for fun’

The group has posted on its Telegram channel photos and screenshots from what they claim are dozens of successful hacking attacks on government agencies and private companies in the United States, the United Kingdom and Germany.

The messenger confirmed to RFA that the group used a DDoS attack on the Air Koryo website. Such an attack paralyzes a server, service or network by providing excessive internet access to a target.

The airline’s website not only didn’t have a DDoS attack prevention function, but also didn’t have a “SSL certificate,” which enables an encrypted connection, the messenger said.

“We attacked it just for fun and to test how resistant the site is to a DDoS attack,” the messenger said. “We attacked the site for only 300 seconds, and the site was offline for more than eight hours.

“We noticed the site was very old and written in PHP programming language. Not only that, but many sites in North Korea were like that,” the messenger said, adding that “this will be the first and last attack targeting North Korea.”

Translated by Claire S. Lee. Edited by Matt Reed.


Add your comment by filling out the form below in plain text. Comments are approved by a moderator and can be edited in accordance with RFAs Terms of Use. Comments will not appear in real time. RFA is not responsible for the content of the postings. Please, be respectful of others' point of view and stick to the facts.