North Korea appears to have hacked South Korea’s cyber command in what could be the latest cyberattack against Seoul, the military here said Tuesday, .

It seems the intranet server of the cyber command has been contaminated with malware. We found that some military documents, including confidential information, have been hacked,” an official at the Ministry of National Defense told Yonhap News Agency. He said that authorities suspect North Korea is behind the latest online infiltrations.

The cyber command said it isolated the affected server from the whole network to avoid the spread of viruses. But it has yet to fully determine what data were leaked.

It marked the first time that the data of South Korea’s cyber command has been compromised. South Korea set up the command in January 2010 as part of its efforts to counter external hacking attempts on the country’s military.

North Korea — which has thousands of cyberwarfare personnel — has a track record of waging cyberattacks on South Korea and the United States in recent years, though it has flatly denied any involvement.

Earlier this year, South Korea accused North Korea of stealing information from about 10 South Korean officials by hacking into their smartphones.

Then two months ago, Rep. Kim Jin-pyo, a lawmaker of the main opposition Democratic Party of Korea, claimed that the cyber command was hacked in September. He told Yonhap that the hacking targeted the “vaccine routing server” installed at the cyber command.

Kim, who is a member of the parliament’s national defense committee, said that a malicious code was identified and it appears to have taken advantage of the vulnerability of the routing server.

North Korea has approximately 6,000 trained hackers in its military ranks, a defector from the country told the BBC. The defector taught computer science at a Pyongyang University and said many of his former students went on to the hacking unit known as Bureau 121.

Little is known about the North Korea’s cyberwarfare agency, though it does seem to employ considerable computer expertise. With its Sony Pictures breach, the hackers used a common method to gain access called spear-phishing and were able to steal credentials for a systems administrator, enabling them to burrow inside the systems for at least two months to map out their plan of attack.
The server is tasked with security on computers that the military has for internet-connection purposes. Around 20,000 military computers are known to have been connected to the server.

Kim said in October that chances are “very low” that the hacking led to a leak of confidential information, given that the military’s intranet is not connected to the server.

The defense ministry later announced it has identified the intrusion of the malicious code into the system and as a precaution, separated the server from the network.

But according to the source, there is a possibility that the military’s intranet may have been compromised due to the hacking which could force South Korea to rewrite its military operation plans.

BALAJI is a Security Researcher (Threat Research Labs) at Comodo Security.
Ethical Hacker, Editor-in-Chief, Author & Co-Founder of GBHackers On Security & Tech Incidents