Security Experts:

Connect with us

Hi, what are you looking for?



North Korean Hackers Steal Defense Files from South

North Korean hackers managed to steal thousands of records from private firms and state agencies in the South including defense industry information and files from Korean Air, Seoul police said Monday.

North Korean hackers managed to steal thousands of records from private firms and state agencies in the South including defense industry information and files from Korean Air, Seoul police said Monday.

The hacking originated from 16 servers based in the North’s capital Pyongyang, police said, adding the North had stolen more than 42,000 internal records.

The North gained access to the internal systems of the firms and agencies at some point after hacking in 2014 into computer management software developed by a Seoul IT firm, according to the police.

North Korea Cyber Attacks

The breach was discovered earlier this year.

The hackers also planted 33 types of malicious code into the computers in an apparent bid to use them as “zombie” machines to launch future cyberattacks on other organizations in the South, it said.

The companies that were hacked include South Korea’s flagship air carrier Korean Air and SK Networks, a sister company of South Korea’s top wireless operator, SK Telecom, Yonhap news agency said.

“We worked with the organizations that were targeted to recover the lost records and fortify their computer security to prevent further infiltration,” the police said in a statement.

Some of the stolen records however contained information about the defense industry or network data essential to stage cyberattacks, it added.

The records include designs of military aircraft and Internet facilities at South Korean army barracks, according to the Yonhap.

Police added that some of the 16 servers in Pyongyang had the same IP addresses as those that had staged a crippling cyberattack on Seoul’s banks and TV broadcasters in 2013.

Seoul has in recent years blamed the North’s hackers for a series of cyberattacks on military institutions, banks, state agencies, TV broadcasters, media websites and a nuclear power plant.

The attack in March 2013 left the websites and tens of thousands of computers at several TV stations and banks paralyzed for hours.

Pyongyang has angrily denied involvement in the attacks and accused Seoul of spreading fabrications aimed at slandering its leader.

The North operates an army of more than 1,000 hackers who stage hacking or cyberattacks targeting Seoul’s major institutions or key officials, according to the South’s spy agency.

Related ReadingSouth Korea Says North Hacked Phones of Key Officials

Related Reading: South Korea Accuses North of Cyber-attacks on Nuclear Plants

Related Reading: South Korea Nuclear Plants Stage Drill Against Cyber Attack

Related Reading: South Korea’s ‘Top Gun’ Cyber Warriors

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...


FBI says a North Korea-linked threat group known as Lazarus and APT38 is behind the $100 million Horizon bridge cryptocurrency heist.


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


The UK’s NCSC has issued a security advisory to warn about spearphishing campaigns conducted by two unrelated Russian and Iranian hacker groups.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.