Tuesday, October 15, 2024
HomeHacksNorth Korea suspected in hack of South Korea's cyber command

North Korea suspected in hack of South Korea’s cyber command

Published on

Malware protection

North Korea appears to have hacked South Korea’s cyber command in what could be the latest cyberattack against Seoul, the military here said Tuesday, .

It seems the intranet server of the cyber command has been contaminated with malware. We found that some military documents, including confidential information, have been hacked,” an official at the Ministry of National Defense told Yonhap News Agency. He said that authorities suspect North Korea is behind the latest online infiltrations.

The cyber command said it isolated the affected server from the whole network to avoid the spread of viruses. But it has yet to fully determine what data were leaked.

- Advertisement - SIEM as a Service

It marked the first time that the data of South Korea’s cyber command has been compromised. South Korea set up the command in January 2010 as part of its efforts to counter external hacking attempts on the country’s military.

North Korea — which has thousands of cyberwarfare personnel — has a track record of waging cyberattacks on South Korea and the United States in recent years, though it has flatly denied any involvement.

Earlier this year, South Korea accused North Korea of stealing information from about 10 South Korean officials by hacking into their smartphones.

Then two months ago, Rep. Kim Jin-pyo, a lawmaker of the main opposition Democratic Party of Korea, claimed that the cyber command was hacked in September. He told Yonhap that the hacking targeted the “vaccine routing server” installed at the cyber command.

Kim, who is a member of the parliament’s national defense committee, said that a malicious code was identified and it appears to have taken advantage of the vulnerability of the routing server.

North Korea has approximately 6,000 trained hackers in its military ranks, a defector from the country told the BBC. The defector taught computer science at a Pyongyang University and said many of his former students went on to the hacking unit known as Bureau 121.

Little is known about the North Korea’s cyberwarfare agency, though it does seem to employ considerable computer expertise. With its Sony Pictures breach, the hackers used a common method to gain access called spear-phishing and were able to steal credentials for a systems administrator, enabling them to burrow inside the systems for at least two months to map out their plan of attack.
The server is tasked with security on computers that the military has for internet-connection purposes. Around 20,000 military computers are known to have been connected to the server.

Kim said in October that chances are “very low” that the hacking led to a leak of confidential information, given that the military’s intranet is not connected to the server.

The defense ministry later announced it has identified the intrusion of the malicious code into the system and as a precaution, separated the server from the network.

But according to the source, there is a possibility that the military’s intranet may have been compromised due to the hacking which could force South Korea to rewrite its military operation plans.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla,...

ErrorFather Hackers Attacking & Control Android Device Remotely

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to...

Hackers Allegedly Selling Data Stolen from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc.The...

Fortigate SSLVPN Vulnerability Exploited in the Wild

A critical vulnerability in Fortinet's FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla,...

CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address

Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies...

TrickMo Malware Targets Android Devices to Steal Unlock Patterns and PINs

The recent discovery of the TrickMo Banking Trojan variant by Cleafy has prompted further...