From
Send to

Suspected NK attackers hack into S. Korea's cyber command through main server

Dec. 7, 2016 - 11:16 By 임정요
Military investigators looking into the first hacking of South Korea's cyber command intranet said Wednesday the suspected North Korean attackers accessed the network through a server in the defense ministry's main information center.

The findings raised concerns that confidential information may have been compromised as the affected server is connected with the information systems of the Army, Navy and the Air Force. But the ministry said information saved on the server was not stolen.

The Ministry of National Defense said a total of 3,200 computers, including 700 linked with the intranet, were contaminated with malware in the latest cyber attack, which occurred on Aug. 4.

It said some military documents were hacked while refusing to provide details. The computer used by Defense Minister Han Min-koo was also affected, the official said.

On Tuesday, the ministry said the IP addresses linked to the attack were traced to a location in China that has been used by North Korean hackers.

"As one of the military's two integration servers was jointly linked to the internet and the intranet, it allowed the hackers to gain access to the intranet," a ministry official said.

It is one of two servers the military operates. The other server involves information for the defense ministry, the Defense Security Command and the Defense Acquisition Program Administration (DAPA).

"We are still in the process of determining what data were leaked. We found the hackers infiltrated the intranet using the main server but information in the server remains intact," the official said.

The cyber command separated the affected server from the whole network to avoid the spread of viruses in October, two months after the initial hacking attempt was made in August.

It marked the first time that the data of South Korea's cyber command has been compromised. South Korea set up the command in January 2010 as part of its efforts to counter external hacking attempts on the country's military.

North Korea -- which has thousands of cyberwarfare personnel -- has a track record of waging cyberattacks on South Korea and the United States in recent years, though it has flatly denied any involvement.

Earlier this year, Seoul accused North Korea of stealing information from about 10 South Korean officials by hacking into their smartphones.

Two months ago, Rep. Kim Jin-pyo, a lawmaker of the main opposition Democratic Party, claimed that the cyber command was hacked in September. He told Yonhap that the attack targeted the "vaccine routing server" installed at the cyber command.

Kim, who is a member of the parliament's national defense committee, said that a malicious code was identified and it appears to have taken advantage of the vulnerability of the routing server.

The server is tasked with security on computers that the military has for internet-connection purposes. Around 20,000 military computers are known to have been connected to the server.

Kim said in October that chances are "very low" that the hacking led to a leak of confidential information, given that the military's intranet is not connected to the server.

The defense ministry later announced it has identified the intrusion of the malicious code into the system. (Yonhap)