North Korea hackers stole data from South Korea court computers

Nevin Al Sukari - Sana'a - File photo of a South Korean soldier using binoculars to look out to sea from a watchtower on the Yeonpyeong island, which lies just inside the South Korean side of the Northern Limit Line (NLL) in the Yellow Sea April 8, 2014. - Reuters pic

SEOUL, May 11 — North Korean hackers stole sensitive data, including individuals’ financial records, from a South Korean court computer network over two years, Seoul police said today.

The nuclear-armed North is known to operate an army of thousands of hackers operating both inside the largely isolated country and apparently overseas, and has been blamed for several major cyberattacks in the past.

South Korean national police said the hackers pilfered 1,014 gigabytes of data from a court’s computer system from January 2021 to February 2023, citing a joint investigation with the country’s spy agency and prosecutors.

The hackers’ malware transmitted stolen data, including South Koreans’ marriage and personal debt records, to “four domestic and four overseas servers” before it was finally “detected by antivirus software”, the national police said in a statement sent to AFP.

Advertisement

The data breach was found to be the work of a North Korean hacking outfit after authorities compared the detected malicious programmes, server payment details and IP addresses with those identified in earlier hacking cases attributed to Pyongyang.

Seoul authorities have retrieved and identified just 4.7 gigabytes of the stolen data, which stored 5,171 documents related to personal debt rehabilitation cases, including marriage certificates and statements about debt and reasons for insolvency, police said.

Analysts say the North has stepped up cyberattacks in recent years in a bid to earn hard foreign currency in the face of United Nations sanctions imposed over its nuclear and missile programmes.

Advertisement

According to Seoul, Tokyo and Washington, Pyongyang stole as much as US$1.7 billion (RM8.1 billion) in cryptocurrency in 2022 alone and supported its weapons programmes in part by gathering information through “malicious cyber activities”.

In February, Seoul’s spy agency said North Korean spies were using LinkedIn to pose as recruiters and entice South Koreans working at defence companies so the spies could access information on the firms’ technology.

North Korea’s cyber-programme dates back to at least the mid-1990s, but has since grown to a 6,000-strong cyberwarfare unit, known as Bureau 121, that operates from several countries, including Belarus, China, India, Malaysia and Russia, according to a 2020 US military report. — AFP