[Exclusive] Over 20,000 Intrusion Attempts on National Assembly Network: "National Assembly Also at the Center of Cyber Threats"

Attempts at cyber intrusions targeting the National Assembly's information systems have surpassed 20,000 cases over the past four years as of October 13, 2025. Not only have there been simple intrusion attempts, but there is also evidence that access rights to the National Assembly's email server have been offered for sale. In the first half of this year, hacking incidents targeting companies, including mobile carriers, drew attention, and concerns are mounting that even the National Assembly, a constitutional institution responsible for legislation, is not immune to cyberattacks.

According to data submitted by the National Assembly Secretariat to Assemblyman Lee Haemin of the Party for National Innovation, a member of the National Assembly Science, Technology, Information and Communications Committee, a total of 20,594 intrusion attempts on the National Assembly's information systems (including the National Assembly website, email, and legislative data systems) were detected from 2022 through last month. By year, there were 3,355 cases in 2022, 4,981 in 2023, and 7,315 in 2024, showing a sharp increase each year. As of last month, 4,943 cases have already been detected this year, suggesting the total will surpass last year's figure.

In particular, concerns are growing that the National Assembly's email server may have fallen into the hands of a Chinese hacking group. According to multiple domestic and international security firms contacted by Asia Economy, evidence has surfaced that the Chinese hacking organization known as "VenusTech" has been selling access to the email server generated by the Korean National Assembly. The security industry assesses VenusTech as essentially a hacking group disguised as a security company.

Evidence of the National Assembly's email server being put up for sale was found on "DarkForums," a hacking data trading site based on an anonymous network. DarkForums is part of the "deep web," which is not indexed by search engines like Google. While it does not require a special browser like the dark web, access is restricted, making it a known marketplace for trading stolen data among hackers.

According to a transaction post uploaded to DarkForums around 7 p.m. on May 17, VenusTech had stolen access rights to the National Assembly's email server and offered to send original emails to interested buyers (see screenshot). The service allows access to emails from up to 15 mailboxes, and the price is set at 65,000 yuan per month (approximately 13.07 million KRW).

The evidence of the National Assembly's email server being sold came to light when a user with the ID "IronTooth" uploaded VenusTech's internal transaction details to DarkForums. However, a security firm representative noted, "When hackers sell data after hacking a specific organization or company, they usually release sample data to give an idea of the contents. In this case, the information became known because a whistleblower leaked the hacking group's transaction records, so it is difficult to determine the specific facts, such as who within the National Assembly sent the emails and what the content was." Some in the industry speculate that this could be a case of a hacker ("IronTooth") targeting another hacker (VenusTech), but there is also the possibility of an intentional leak by an insider.

The National Assembly Secretariat stated, "Within the scope of what can currently be confirmed, there is no evidence that the National Assembly's email system has suffered a hacking incident." The Secretariat conducted a special inspection over ten days from August 26 to September 5. According to the results, no signs of data leaks or vulnerabilities were found in the current system. The Secretariat added, "However, during the process of replacing the mail system in April 2023, the previous server and its logs were discarded, making it virtually impossible to verify access records prior to 2023." This means that if the data posted by the hacker pertains to the period before the server replacement, further verification would be difficult.

Assemblyman Lee Haemin pointed out regarding the suspected leak of the National Assembly's email server, "When there is a possibility that sensitive information from a state institution has been leaked externally, the public sector, unlike the private sector, still has blind spots with insufficient response systems." He emphasized, "Since the National Assembly is an independent constitutional institution, a different approach is needed compared to ordinary administrative agencies, but this incident should serve as an opportunity to overhaul security governance across the entire public sector."

Lee further stated, "Looking at the current status of detection and response to cyber intrusion attempts targeting the National Assembly, there has been a noticeable increase in threats using malicious code this year," adding, "During this audit, we will comprehensively examine whether the security systems of public institutions are keeping pace with the actual threat level."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.