South Korea appears to have been hacked once again by its northern rival, and thousands of defense-related documents have been stolen.
According to claims by South Korea’s police cyber investigation unit, the attack from North Korea began to target 140,000 computers at defense contractor firms and government agencies back in 2014, but was only unearthed in February this year.
South Korean police say they believe that North Korea was either planning a major internet attack, or running a long term campaign to steal as much information as possible:
“There is a high possibility that the North aimed to cause confusion on a national scale by launching a simultaneous attack after securing many targets of cyber terror, or intended to continuously steal industrial and military secrets.”
According to a Reuters report, corporate victims of the hacking attack have included companies in the SK Holdings group and Korean Air Lines, although they say that they closed the breaches quickly and any leaked files were not classified.
95% of the stolen material seized by the hackers is said to be defense-related, and most recently, documents stolen have included blueprints for the wings of F-15 fighter jets.
Even though North Korea has always denied any involvement in past hacking atttacks, investigators claim that the campaign originated from the North Korean capital of Pyongyang. Interestingly, the traced IP address originating the hacking is said to be identical to the so-called “Dark Seoul” cyber-attack against South Korean banks and broadcasters in 2013.
Network management software widely used by government agencies and private companies have been targeted in this latest attack.
Although accurately attributing internet attacks is notoriously difficult, North Korea has often been blamed for launching internet attacks – including the assault that froze parts of South Korea’s banking infrastructure in 2013, the infamous attack against Sony Pictures in 2014, and the recent attack against the Bangladesh central bank.
Although North Korea’s internet attack capability may be considerable, and no country would be wise to treat it less than seriously, we should also be careful not to believe too quickly some of the hyperbole that has previously seen claims that North Korean hackers could kill and “destroy cities”.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.