South Korea: hackers compromised Defense Acquisition Program Administration PCs

South Korea – Allegedstate-sponsored hackers compromised 10 PCs at ministry’s Defense Acquisition Program Administration.

Unknown hackers compromised 10 PCs at ministry’s Defense Acquisition Program Administration which is the office that manages the military procurement.

The news was confirmed by the South Korea Ministry of National Defense.

“It has been turned out that 30 computers installed on the internal system of the Defense Acquisition Program Administration, in charge of arms procurement such as next-generation fighter jets, have come under simultaneous virtual attacks and 10 out of them saw internal data leaked.”
the Korea’s Dong-A Ilbo reports.

“As cyberattacks have continued on major Korean foreign affairs facilities including the Korean presidential office Cheong Wa Dae, the National Assembly and the Defense Acquisition Program Administration, concerns are ever increasing regarding the government’s cyber security capabilities.”

The systems targeted by the hackers contain sensitive data on purchases for military equipment and weapons, including “next-generation fighter jets,”

The security breach was disclosed this week in a report from a South Korean politician.

The National Assembly and the Defense Acquisition Program Administration confirmed that no confidential information was accessed or exfiltrated by hackers.

The security breach has occurred on October 4, 2018, the attack aimed at 30 computers, but only 10 of them were hacked. The intrusion was spotted on October 26 when the National Intelligence Service noticed suspicious traffic on IP associated with the Agency.

The intrusion coincides with another attack on Liberty Korea Party Rep. Baek Seung-joo’s email account. Experts believe that a threat actor politically motivated targeted systems of Korea’s major organizations simultaneously.

“It is dubious whether the agency issued a conclusion to conceal damage and minimize the scope of penetration,” Rep. Lee pointed out. “Further investigation to find out if the source of attacks is North Korea or any other party.”

The A Ilbo added that an intelligence agent said that further review will be executed on defense measures implemented to protect by the Defense Acquisition Program Administration’s systems.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – South Korea, Defense Acquisition Program Administration)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.