North Korea suspected in hack of South Korea’s cyber command

source
Reuters

North Korea is the prime suspect in a hack of South Korea’s cyber command that resulted in the theft of confidential military documents, Yonhap News Agency reported.

“It seems the intranet server of the cyber command has been contaminated with malware,” an official at the Ministry of National Defense told Yonhap. “We found that some military documents, including confidential information, have been hacked.”

South Korea’s cyber command said it later isolated the server from the rest of the network, but it hasn’t yet determined how much data was stolen.

North Korea is often dismissed as a backwards totalitarian regime with little technology – sometimes illustrated by a lack of electricity as seen from space – but it has invested heavily in cyber, which, in some ways, allows a nation-state with few resources to inflict real-world damage.

“Given North Korea’s bleak economic outlook, [offensive cyber operations] may be seen as a cost effective way to develop asymmetric, deniable military options,” reads a 2013 Pentagon report. In other words, while North Korea may not be able to hurt a Goliath like the US or South Korea with guns or missiles, it sees hacking as a cheaper way of getting to that result.

According to a 2014 CNBC report, the Hermit Kingdom has pursued cyber warfare since the 1980s, and has targeted banks, universities, and other organizations, mainly in South Korea. But perhaps its biggest hack yet came with the breach of Sony Pictures, which saw the leak of unreleased films and embarrassing emails of studio executives in 2014.

South Korea accused the North of hacking into the smartphones of roughly 10 South Korean officials earlier this year, according to Yonhap.

North Korea has approximately 6,000 trained hackers in its military ranks, a defector from the country told the BBC. The defector taught computer science at a Pyongyang university and said many of his former students went on to the hacking unit known as Bureau 121.

Little is known about North Korea’s cyberwarfare agency, though it does seem to employ considerable computer expertise. In the Sony Pictures breach, the hackers used spear-phishing, a common method of gaining access, and were able to steal credentials for a systems administrator, enabling them to burrow inside the systems for at least two months to map out their plan of attack.

Earlier this year, a top US Army general asserted in Senate testimony that North Korea had some of the world’s best hackers.

“While I would not characterize them as the best in the world, they are among the best in the world and the best organized,” Gen. Vincent Brooks told Senate leaders in May.