South Korea’s Defense Ministry said Tuesday the military’s intranet had been hacked for the first time ever, presumably by North Korea, resulting in a number of military secrets being leaked.
The military found that malicious code had been spread on its computers via its servers used to relay updates on Sept. 23.
“The military formed a cyber investigative team to look into this matter and found that some military data -- including confidential information -- has been leaked. It appears to be a North Korean act,” the ministry said.
Code used in the attack has certain similarities with that previously used by North Korean hackers, a ministry official explained.
He added that the attack originated from Shenyang, China, where many North Korean hackers are believed to be based and which was the believed origin of a 2014 attack on Korea Hydro & Nuclear Power Co.
But the official refused to specify what data had been stolen.
“We cannot give out details on what information was leaked, because it might give (North Korea) an advantage in the ongoing cyber warfare,” he said. He also refused to confirm how many computers were hit by the cyberattack, but added that multiple servers in the intranet was infected.
The military said that none of the data from other countries that has signed intelligence sharing agreements with South Korea has been stolen.
The incident raised questions about the security of what the military had basically described as “unreachable.”
The military’s manual states that no classified information can be saved on computers connected to the internet, and that the line must be cut off during the operation and any activity must be erased afterwards.
But some of the computers -- located in one of the bases -- linked to the intranet was connected to the internet due to “administrative carelessness and violation of regulation,” the ministry said.
The connection opened a path to infection of malicious code, allowing hackers to remotely control the computers and steal the data.
While the first large-scale activity took place on Sept. 23, some of the code that allowed the attack had already been planted on Aug. 8.
During the hacking attack on the Korea Hydro & Nuclear Power Co. in 2014, officials had also claimed that a hacker could not infiltrate its intranet because it was cut off from outside.
As follow-up measures for the attack, the military outlined 14 tasks to step up cyber security. This includes procuring a measure to monitor the section where the internet and the military intranet could be interlinked and replacing the current computer vaccine system.
By Yoon Min-sik (minsikyon@heraldcorp.com)