North Korea Managed to Hack South Korean Military Network

South Korea’s military network was compromised by what are believed to be North Korean hackers, who managed to access the intranet and steal several military secrets.

The country’s Defense Ministry revealed today that the attack took place on September 23 and specifically targeted systems that are being used to deliver updates.

Although South Koreans aren’t entirely sure that North Korean hackers are behind the attacks, the ministry says that they discovered evidence, including code, that shows some similarities with other hacks launched by their neighbours.

“The military formed a cyber investigative team to look into this matter and found that some military data — including confidential information — has been leaked. It appears to be a North Korean act,” the ministry was quoted as saying by the Korea Herald.

It appears that the attack was launched from Chinese servers, but South Korea says that no military data regarding the country’s partnerships with other states were accessed.

The ministry, however, admitted that state secrets were stolen, including military information, but he refused to provide any specifics as an investigation is still under way.

“We cannot give out details on what information was leaked because it might give (North Korea) an advantage in the ongoing cyber warfare,” he said.

It appears that the malware used for the attack was installed on the affected systems in August, but it’s not yet clear why exactly North Korean hackers waited until September 23 to break into these computers.

According to the ministry, the compromised computers weren’t supposed to be connected to the Internet, but due to “administrative carelessness and violation of regulation,” hackers managed to infiltrate the intranet and get full remote control over the systems.

South Korea requires employees using military systems to connect them to the Internet only if no classified information is stored, and to remove all data when they complete their work. Hackers, however, found confidential data after infecting multiple servers, even though these weren’t supposed to have an active Internet connection or store secret military information.
