Tuesday, January 14, 2025
HomeHacksNorth Korea suspected in hack of South Korea's cyber command

North Korea suspected in hack of South Korea’s cyber command

Published on

North Korea appears to have hacked South Korea’s cyber command in what could be the latest cyberattack against Seoul, the military here said Tuesday, .

It seems the intranet server of the cyber command has been contaminated with malware. We found that some military documents, including confidential information, have been hacked,” an official at the Ministry of National Defense told Yonhap News Agency. He said that authorities suspect North Korea is behind the latest online infiltrations.

The cyber command said it isolated the affected server from the whole network to avoid the spread of viruses. But it has yet to fully determine what data were leaked.

It marked the first time that the data of South Korea’s cyber command has been compromised. South Korea set up the command in January 2010 as part of its efforts to counter external hacking attempts on the country’s military.

North Korea — which has thousands of cyberwarfare personnel — has a track record of waging cyberattacks on South Korea and the United States in recent years, though it has flatly denied any involvement.

Earlier this year, South Korea accused North Korea of stealing information from about 10 South Korean officials by hacking into their smartphones.

Then two months ago, Rep. Kim Jin-pyo, a lawmaker of the main opposition Democratic Party of Korea, claimed that the cyber command was hacked in September. He told Yonhap that the hacking targeted the “vaccine routing server” installed at the cyber command.

Kim, who is a member of the parliament’s national defense committee, said that a malicious code was identified and it appears to have taken advantage of the vulnerability of the routing server.

North Korea has approximately 6,000 trained hackers in its military ranks, a defector from the country told the BBC. The defector taught computer science at a Pyongyang University and said many of his former students went on to the hacking unit known as Bureau 121.

Little is known about the North Korea’s cyberwarfare agency, though it does seem to employ considerable computer expertise. With its Sony Pictures breach, the hackers used a common method to gain access called spear-phishing and were able to steal credentials for a systems administrator, enabling them to burrow inside the systems for at least two months to map out their plan of attack.
The server is tasked with security on computers that the military has for internet-connection purposes. Around 20,000 military computers are known to have been connected to the server.

Kim said in October that chances are “very low” that the hacking led to a leak of confidential information, given that the military’s intranet is not connected to the server.

The defense ministry later announced it has identified the intrusion of the malicious code into the system and as a precaution, separated the server from the network.

But according to the source, there is a possibility that the military’s intranet may have been compromised due to the hacking which could force South Korea to rewrite its military operation plans.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details

A critical flaw in Google's "Sign in with Google" authentication system has left millions...

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

RedCurl APT Deploys Malware via Windows Scheduled Tasks Exploitation

Researchers identified RedCurl APT group activity in Canada in late 2024, where the attackers...

Credit Card Skimmer Hits WordPress Checkout Pages, Stealing Payment Data

Researchers analyzed a new stealthy credit card skimmer that targets WordPress checkout pages by...

Hackers Exploiting YouTube to Spread Malware That Steals Browser Data

Malware actors leverage popular platforms like YouTube and social media to distribute fake installers....