A decoy data environment set up to lure hackers was breached, resulting in the theft of personal employee emails connected to it. It is suspected that the stolen data included work documents and identification photos.
A hacking group named “Black Shrantac” has claimed responsibility for hacking approximately 24GB of SK Shieldus’s data, as shared in their posts. The captured image was taken from a website.
It was reported that employees’ personal email accounts were compromised, leading to the leakage of work documents. SK Shieldus had initially stated that a fake site created to lure hackers was attacked. However, it was later revealed that actual work data was accessed through email accounts connected to this fake site.
According to the information security industry on the 19th, SK Shieldus reported the breach to the Korea Internet & Security Agency (KISA) at around 10 am the previous day. The U.S.-based hacking group “Black Shrantac” claimed they stole about 24GB of SK Shieldus data, which included customer information, network data, and HR and payroll data, along with sample images to back up their claims.
SK Shieldus explained that the data claimed to be stolen was actually from a “honeypot,” a virtual setup consisting of fake data designed to detect abnormal access attempts. However, data such as actual work documents and identification photos from SK Shieldus were also included in the compromised data obtained by the hacker group.
It seems that the hacker group accessed and extracted data from employees’ personal email accounts that were logged into the honeypot. SK Shieldus representatives stated that they discovered some work documents within a personal email account logged into the honeypot before reporting to KISA at 10:03 am on October 18th.
SK Shieldus is a leading domestic security company that operates both physical and cyber security with annual sales exceeding 2 trillion won. Following this incident, SK Shieldus is conducting a full investigation of emails within the accounts connected to the honeypot.
A company representative stated, “We are taking this matter very seriously,” and added, “We will share the results of the investigation with related agencies and promptly and transparently guide any confirmed details.”