North Korea Suspected in 80% of Hacking Attempts on South Korean Public Bodies

It was revealed that the number of South Korean public institutions attacked by international hacking organizations increased by 36% last year. Among these, it was determined that 80% of the growth appeared to be attacks from North Korea.

The National Intelligence Service of South Korea held a press conference at the National Cyber ​​Security Cooperation Center in Seongnam, Gyeonggi Province, on the 24th, where they decided to strengthen its response, predicting that there could be more hacking attempts and fake news targeting this year’s scheduled parliamentary elections and the US presidential election.

The National Intelligence Service analyzed that there were 1.62 million attempts per day by national-backed personnel and international hacking organizations to attack the public sector last year. This is a 36% increase from the previous year. The increase is due to increased attack attempts targeting many unspecified public officials and improvements in cyber attack detection capabilities.

By country of origin, North Korea was the most at 80%. China was 5%, but when reflecting the severity of damage, considering the scale and importance of damage per case and attack methods, it increased to 21%. In this case, North Korea recorded 68%.

According to the analysis of the National Intelligence Service, North Korea concentrated attacks on South Korean domestic agricultural and fisheries institutions as Kim Jong Un, General Secretary of the Workers’ Party of Korea, instructed to solve the food shortage early last year. And in August and September, when Kim Jong Un emphasized naval power, they hacked South Korean shipbuilding companies and stole blueprints and design data. In October, following Kim Jong Un’s directive to strengthen drone production, they were found to have collected the drone engine data from related South Korean and foreign institutions. North Korea also attempted to hack Russian defense companies, which are from the friendly country, several times.

In the case of financial theft attacks, as the bank’s security system is strengthened, the target of the attack has been moved to focus on virtual asset exchanges, and recently, it has been expanding the target of theft to individual-owned virtual assets.

IT foreign currency earners, which account for three times the number of North Korean hacking organization members, mostly forged identification and resumes and got jobs in IT development companies in advanced countries or received orders from companies, and stole the virtual assets owned by the development companies by hiding malicious codes in the software (SW) they developed or spread ransomware to steal money.

It was recently confirmed that North Korean hackers used generative AI to search for hacking targets and technologies needed for hacking.

China’s hacking methods are careful and secretive, unlike North Korea. Some Chinese hackers have been confirmed to have hacked a South Korean company’s server years ago, planted malicious code disguised as public SW, and hacked several companies for years.

It has been revealed that a hacker suspected to be Chinese collected and analyzed satellite communication signals used by South Korean institutions, disguised as normal equipment, unauthorizedly accessed the ground satellite network management system, and attempted to penetrate the government’s administrative network for the first time.

The National Intelligence Service is conducting a comprehensive inspection of the operation status of nationwide satellite communication networks as the hacking attempt targeting it was confirmed for the first time.

Chinese newspapers and PR companies have also been caught creating more than 200 sites disguised as South Korean media, posting pro-Chinese and anti-American content, and spreading it through social media influencers.

The National Intelligence Service predicts that there will be fake news or election system hacking attacks during this year’s election season.

The results of the three-party joint security inspection conducted by the Election Commission, the National Intelligence Service, and the Korea Internet & Security Agency (KISA) from July to September last year found that there were vulnerabilities in hacking that could be infiltrated into the Election Commission’s voting and counting management system from outside at any time.

In addition, a dedicated team has been formed since the 22nd to identify the scope of damage and attackers about suspicions of hacking the Supreme Court’s computer network by North Korean hacking groups. It has been conducting on-site investigations with the Court Administration Office.

Last year, concerning the supply of Chinese-made weather observation equipment infected with malicious code to the Korea Meteorological Administration, the National Intelligence Service announced that it would improve the security compliance verification system for IT products introduced by public institutions and strengthen supply chain security.

Jong Wook Baek, the third director of the National Intelligence Service, said, “This year, which is the year of the election in which more than half of the world’s population participates, it is urgent to prepare for the hacking of the election system, fake news, and dissemination of false information thoroughly, so we will do our best to block cyber threats.”