Hackers steal data from South Korea court computers
Marriage and personal debt records were transferred to different servers
SEOUL (AFP) — North Korean hackers stole sensitive data, including individuals’ financial records, from a South Korean court computer network over two years, Seoul police said Saturday.
The nuclear-armed North is known to operate an army of thousands of hackers operating both inside the largely isolated country and apparently overseas, and has been blamed for several major cyberattacks in the past.
South Korean national police said the hackers pilfered 1,014 gigabytes of data from a court’s computer system from January 2021 to February 2023, citing a joint investigation with the country’s spy agency and prosecutors.
The hackers’ malware transmitted stolen data, including South Koreans’ marriage and personal debt records, to “four domestic and four overseas servers” before it was finally “detected by antivirus software,” the national police said in a statement sent to Agence France-Presse.
The data breach was found to be the work of a North Korean hacking outfit after authorities compared the detected malicious programs, server payment details and Internet Protocol addresses with those identified in earlier hacking cases attributed to Pyongyang.
Seoul authorities have retrieved and identified just 4.7 gigabytes of the stolen data, which stored 5,171 documents related to personal debt rehabilitation cases, including marriage certificates and statements about debt and reasons for insolvency, police said.
Analysts say the North has stepped up cyberattacks in recent years in a bid to earn hard foreign currency in the face of United Nations sanctions imposed over its nuclear and missile programmes.
According to Seoul, Tokyo and Washington, Pyongyang stole as much as $1.7 billion in cryptocurrency in 2022 alone and supported its weapons programs in part by gathering information through “malicious cyber activities.”
In February, Seoul’s spy agency said North Korean spies were using LinkedIn to pose as recruiters and entice South Koreans working at defense companies so the spies could access information on the firms’ technology.
North Korea’s cyber-program dates back to at least the mid1990s, but has since grown to a 6,000-strong cyberwarfare unit, known as Bureau 121, that operates from several countries, including Belarus, China, India, Malaysia and Russia, according to a 2020 United States military report.