Pierluigi Paganini June 13, 2016

The Government of Seoul reported that North Korean Hackers stole defense-related documents and photos from two South Korean companies.

The news that North Korean hackers have stolen thousands of records from private firms and state agencies in the South Korea is not new. In the last wave of attacks, the North Korean hackers have stolen more than 42,000 internal records containing defense industry data from two companies.

According to the Yonhap news agency, the two companies breached are the Korean Air Lines Co. and the SK Networks.

The news was reported by the National Police Agency, that added they local authorities have identified the source of the attack. According to the Seoul police, the security breach was discovered earlier this year, the attackers launched the attack from at least 16 servers based in Pyongyang.

The Police confirmed that some of the servers used in the attack had the same IP addresses as those that were involved in attacks spotted in 2013 against Seoul’s banks and TV broadcasters in 2013.

The authorities of the South Korea confirmed that North Korean hackers breached entities in the South after they successfully compromised in 2014 a computer management software developed by a Seoul IT firm.

According to a South Korean military official, the stolen data wasn’t sensitive information, its theft will have no severe impact on the Korean industry.

“The leak will likely have a negligible impact on national security,” the official said.

The attack appears to be a large-scale offensive that requested a significant effort of the attackers’ perspective that used at least 33 different strains of malware to infect the targeted system and gain their complete control.

“North Korea turns out to have been preparing for a long time to try to launch a countrywide cyberattack,” states the announcement issued by the authorities.

“The police said that by detecting the breach they prevented what appeared to be the start of a large-scale cyberattack. The attack originated from an internet address based in Pyongyang and used in a 2013 cyberattack that disabled the computer systems of South Korean banks and TV stations, the police said.” reported the WSJ.

The tension between the two governments is always high, in early May, Seoul accused Pyongyang of a cyber attack that in April hit a navy defense contractor, the Hanjin Heavy Industries & Construction Co. On the other side, the North Korea denied, as usual, any involvement and sustained that the attribution is political.

“After identifying signs that Hanjin Heavy Industries may have been hacked on April 20, the Defense Security Command is currently leading a security investigation into whether any military secrets were leaked and whether North Korea was involved,” states the Yonhap citing unnamed officials.

The Hanjin Heavy Industries & Construction Co provides naval vessels and amphibious assault vehicles (e.g. ROKS Dokdo) to the South Korea.

The North Korea is considered one of the most dangerous countries in term of information warfare, it operates one of the most aggressive cyber armies of the world.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – North Korean Hackers, Information Warfare)