Written by 11:45 AM World

North Korean Group Kimsuky Suspected in Hacking Targeting Government and Businesses: “Public-Private Cooperation Essential in Response”

Recent analyses suggest that major cyber attacks targeting South Korea’s key government departments and corporations may have originated from North Korea or China. The hacking attempts are thought to have focused on telecommunications companies used by the majority of South Koreans. These hacking groups are known to employ sophisticated techniques, such as bypass attacks through security subcontractors.

On the 12th, the National Intelligence Service announced that the agency, which detected the incidents, has taken necessary actions in cooperation with related organizations and is continuously tracking the organizations behind these attacks. This was a follow-up response to the recent release of a report titled ‘APT Down: The North Korea Files’, which described attacks likely perpetrated by hackers affiliated with North Korea’s ‘Kimsuky’ group.

The report was compiled based on testimonies from white-hat hackers such as ‘cyb0rg’ and ‘Saber’. They reported that they obtained a vast amount of data from a virtual workstation and virtual private server (VPS) identified as belonging to an attacker named ‘KIM’.

Some experts argue that the attacks might not have originated from North Korea but rather from China or another entity. It is suggested that other hacking groups might have used the Kimsuky guise to erase their traces.

The shared data falls into two main sets. One consists of logs of attempts to infiltrate internal servers of South Korea’s Ministry of the Interior and Safety, Ministry of Foreign Affairs, the Defense Security Command, and certain domestic private companies. The other includes account information, internal documents, and attack tools acquired by the attackers.

Specifically, targets included the e-government system of the Ministry of the Interior and Safety and the email platform of the Ministry of Foreign Affairs. As for private companies, the primary targets seem to have been telecommunications companies where user data accumulates, and it is known that the attacks leveraged remote-controlled subcontractors.

The Korea Internet & Security Agency (KISA), responsible for overseeing private sector security, has also issued cautions to the industry.

Though no known damage has occurred yet, caution is advised because of the sophisticated method of exploiting supply chain vulnerabilities. Kimsuky employs tactics such as ‘spear-phishing’, which targets specific personnel within organizations, and spreading malware via fake work emails.

As cyber attacks originating from North Korea and China rapidly increase, there is an emerging consensus that a joint public-private response framework should be expedited rather than holding individual companies solely accountable. Although unrelated to this report, the Personal Information Protection Commission has issued an advance notice of related disciplinary actions to SK Telecom following hacking damages. Some are concerned that the investigation into the SK Telecom hacking incident progressed too hastily compared to others.

There are also opinions that a thorough investigation of both the implicated public institutions and private companies is necessary to accurately assess whether any damage resulted from these organized hacking attacks.

Furthermore, last month, the President emphasized the need for close cyber security cooperation between the government and the private sector, stating that it is essential for establishing a strong foundation in AI development. As AI-enabled attack attempts become more sophisticated, the government has moved quickly to respond.
