North Korea, China pose rising cyber threat to South Korea: ROK Spy Agency

July 20, 2023

South Korea’s National Intelligence Service (NIS) has revealed that North Korean hackers recently breached South Korean cloud computer networks and conducted a mass credit card data heist. This, along with the return of Kim Yong Chol to the Korean Workers’ Party’s Politburo, gives Seoul’s main spy agency reason to believe cyberattacks against the ROK will only grow more serious than in previous years, a postulation supported by hard data.  


ROK Intelligence: Threat of DPRK hacking on the rise… theft of 1,000 citizens’ credit card data detected[1]


Average of 1.37 million cases of state-backed cyberattacks per day recorded in first half of 2023

The threat of North Korean hacking is on the rise, according to the ROK’s National Intelligence Service (NIS). One indication of this emerging threat that has come to light is the spy agency’s detection of North Korean hackers stealing the credit card information of some 1,000 ROK citizens.  

The NIS revealed this information at a conference held on July 19 in Pangyo, Gyeonggi Province.

One NIS official said, “Using stolen email account information, after logging into the email accounts they stole credit card information by accessing interconnected cloud data storage centers and stealing an image of the credit card being stored. Thus, they gained access to data such as the card number, expiration date and CVC number. After the leak of personal financial data was detected, the Financial Services Commission, the Financial Security Institute and other relevant organizations were notified so that they could take appropriate measures. However, the damages suffered from this incident were not publicly revealed until now,” the official explained.

Meanwhile, it has come to light that North Korean hackers have on several occasions attacked financial systems, blockchain businesses and digital asset exchanges, stealing digital assets. However, stealing personal financial data is a first, raising the possibility that the data leak could be used to conduct fraudulent transactions. 

Furthermore, the NIS added that from 2022, the DPRK has hacked into security certification programs (such as INISAFE and MagicLine) installed on more than 10 million PCs across the ROK, and hacked the security products of around 250 organizations, attempting to breach their internal networks. 

The Korean intelligence agency also stated that hackers made a Naver clone site for phishing and attempted to steal personal data in real time by synchronizing it with Naver. 

The NIS expressed fears that such cyber threats as a whole are on the rise. The Korean spy agency revealed that in the first half of this year, they detected and responded to a daily average of 1.37 million attempted state-backed and global cyberattacks. 

This marks a 15% increase from last year. ROK intelligence analyses show that by far most cyberattacks – 70% – came from groups in the DPRK, followed by Chinese and then Russian organizations, officials said.

The ROK’s spy agency contended that cyberattacks may grow increasingly stronger following the return of former United Front director Kim Yong Chol.  

In the middle of last June, during the eighth enlarged plenary meeting of the 8th Central Committee of the ruling Workers’ Party of Korea, Kim returned to the party’s Politburo. He had previously held top positions in the United Front and the General Reconnaissance Bureau. 

As NIS noted, it was during Kim’s tenure as director of the General Reconnaissance Bureau that incidents such as the July 7, 2009 DDoS attack, the cyberattack on Nonghyup’s computer network, and the March 20, 2013 cyberattack occurred.

NIS stated that Pyongyang may strengthen its illicit intelligence-gathering activities against neighboring countries in the fields of aerospace and defense, and that for the sake of unifying the population or distracting it from current difficulties, may conduct a large-scale attack on software supply chains to spark social upheaval. 

Korean intelligence also noted that the threat of cyberattacks from China is growing. Last April, Chinese hacking groups attempted to breach the internal networks of private firms performing service activities for ROK government entities.

Specifically, the government confirmed that measurement equipment produced in China and sold to Korean organizations contained malicious code. NIS said it is conducting a full investigation in cooperation with affected organizations that have received the equipment. During the investigation, an additional issue was confirmed to have arisen.

If additional malicious code is discovered in the Chinese IT equipment during the course of the investigation, it is possible the government may forbid public entities from using the technology or even impose an import ban. “The investigation is ongoing,” one intelligence official said, declining to give details.


Original article by Kang Jin-kyu. Translated by Anthony V. Rinna.


[1] [Source] ROK Intelligence: “Threat of DPRK hacking on the rise… theft of 1,000 citizens’ credit card data detected” 국정원 “북한발 해킹 위협 고조…신용카드 1000건 정보 절취 적발”, Digital Today, July 19, 2023

