North Korean hackers are increasing their attacks on South Korean private companies.
Pyongyang’s latest attacks on the computer networks of KT, Hanjin Group and SK Group show that private firms generally have laxer cybersecurity than the government and public organizations, and so fall prey to North Korean hackers more easily.
The victimized firms include Korean Air and SK Networks Service.
“The media outlets and banking groups have beefed up their security accordingly since North Korea’s cyberattack in March 2013 but most of the family-owned conglomerates and smaller firms still have not taken protective measures,” said Shin In-kyun, a military expert who heads the Korea Defense Network (KDN).
Yang Uk, a senior research fellow at the Korea Defense and Security Forum, said, “It takes less time and effort to steal confidential information concerning national security from private companies than from the government.”
The National Police Agency (NPA) said Monday that North Korea accessed over 42,600 files on the defense industry and telecommunications networks by compromising PCs belonging to 10 Hanjin Group affiliates and 17 SK Group affiliates since July 2014.
Two of KT’s PCs were also infected by malware although their data remained secure.
The intrusion was uncovered in February when police carried out relevant procedures after North Korea’s fourth nuclear test on Jan. 6.
Investigators said most of the stolen information was not confidential and was “too minor” to pose a threat to national security.
But analysts disagreed.
“It’s possible North Korea will grasp an idea of our defense strategy if they continue to collect small pieces of information through hacking and compile them altogether eventually,” Shin said.
Yang speculated North Korea may have figured out how often the United States Air Force carries out maintenance work on F-15 fighter jets.
He noted that Korean Air supplies wing parts for the jet, whose blueprints were among the information copied by North Korean hackers along with photos showing parts of medium-altitude unmanned aerial vehicles (UAVs).
More than 130,000 PCs are believed to have been affected in the latest cyberattack.
Some government officials have claimed the financial damage would have reached over 2 trillion won ($1.7 billion) if North Korea had paralyzed those PCs.
They pointed out that the damage amounted to 882.3 billion won in March 2013, when Pyongyang breached a total of 48,284 PCs at broadcasting companies and banks and wiped their data.
North Korea initiated the cyberattack this time using malware called “ghost rat” to exploit a vulnerability in a program developed by a software company offering cybersecurity management for 160 clients.
The clients other than KT, Hanjin Group and SK Group include Samsung SDS, the Ministry of Foreign Affairs and Seoul National University, according to police.
“In this climate, it should be each private company’s job to develop its own cybersecurity system to protect itself against hackers,” Yang said.
Shin urged the National Assembly to grant more power to the National Intelligence Service and Cyber Warfare Command concerning investigations of cybersecurity breaches.
“With North Korea advancing its cyberwarfare capabilities exponentially, opposition lawmakers should consider national security first although protecting citizens’ privacy is equally important,” he said.