North Korean Hacking Group Targets IT Service Firms to Steal Confidential Information from Institutions and Companies... Caution Advised
Emails of IT Service Employees and Simple Passwords Are Also Targets of Attacks
The National Intelligence Service announced on the 4th that North Korean hacking groups are stealing confidential and core data from major national institutions and advanced companies through software (S/W) supply chain attacks, and urged related industries to be cautious.
S/W supply chain security refers to the cybersecurity system that applies across the entire lifecycle of S/W development, supply, and use. According to the National Intelligence Service, North Korean hacking groups are focusing on data theft using three types of attack: indirect infiltration of major national institutions and advanced companies by hacking their IT service providers, infiltration that exploits vulnerabilities in IT solutions and S/W, and hacking that targets security management weaknesses.
In fact, last October, a North Korean hacking group hacked the email of an employee at company A, a local government network maintenance company, stole server access accounts stored in the email, then accessed the local government network remote management server without authorization and attempted to steal administrative data. The National Intelligence Service explained, "To prevent damage, it is necessary to raise the security level by providing security education to IT service provider employees, blocking external access routes, and strengthening authentication methods."
A single attack targeting IT solutions used for integrated management and distribution of internal data can lead to massive internal information leaks. This month, North Korean hacking groups exploited security vulnerabilities in the electronic approval and communication groupware of defense cooperation company D, installed malware, and attempted to steal internal data such as employee emails and network configurations. To prevent such attempts in advance, measures such as S/W security patches, prohibiting administrator account access via the internet, and regular vulnerability inspections are necessary.
There have also been hacking cases targeting security management weaknesses of institutions and companies, such as overly simple passwords. In February this year, North Korean hacking groups took advantage of the fact that the administrator page of mobile identity verification company E was easily accessible via the internet, meticulously analyzed the vulnerability using security search engines, and accessed it without authorization with administrator privileges. The National Intelligence Service stated, "To strengthen internal security management, problems should be improved by creating a checklist of basic security rules and cross-checking them, and raising employees' security awareness through security education."
Yoon Oh-jun, the 3rd Deputy Director of the National Intelligence Service, said, “S/W supply chain attacks can lead to widespread damage, so both IT suppliers and users must remain vigilant,” adding, “At the government level, through the ‘Government Joint Supply Chain Security T/F’ launched in September last year, efforts will be made to advance supply chain security, including institutionalizing the ‘S/W Supply Chain Security System’ by 2027.”
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.