Threat Management, Threat Intelligence

N. Korea accused of hacking S. Korea’ military cyber-command

South Korea has announced that its military cyber-command, set up to guard against hacking, appears to have been breached by North Korea.

"It seems the intranet server of the cyber-command has been contaminated with malware. We found that some military documents, including confidential information, have been hacked," an official at the Ministry of National Defence told Yonhap News Agency.

South-Korean authorities believe that North Korea is behind this latest attack. It is seen as unusual, as the DPRK has previously been accused of hacking into banks and media outlets but never the South's military.

The Yonhap news agency said that, “According to the Korea Internet & Security Agency (KISA), a series of cyber-attacks may occur with the aim of stirring increased political and social instability in the country. In particular, military and North Korea-related sites would be the targets of their attacks.”

Adding: “The report came as North Korea has ratcheted up its cyber-warfare against the South. North Korea has been long accused of waging cyber-warfare, including hacking South Korea and even US companies.”

In March 2013, North Korea carried out a massive cyber-attack on South Korean financial firms and TV broadcasters, causing their networks to crash. In late 2014, the US accused Pyongyang of staging cyber-attacks on Sony Pictures, which released "The Interview," a fictional movie about assassinating the North's current leader.

It is not clear whether low-grade documents or more important details like war plans were accessed. The South Korea military said that the compromised section of its network was isolated once the attack was detected.

Jens Monrad, senior intelligence analyst at FireEye told “Given the isolated status of North Korea, as well as the ongoing political tensions between North Korea and South Korea, it is very likely that North Korea will attempt to conduct cyber-attacks against South Korea. It's likely most cyber-threats from Democratic Republic of North Korea (DPRK) are primarily influenced by geopolitical concerns tied into Pyongyang's security interests and here the Korean Peninsula would be considered a strategic target.”

Concluding, Monrad said: "The lack of computer networking infrastructure in North Korea complicates and limits any reciprocal cyber response, which provides a greater advantage to Pyongyang. Suspected North Korean actions are often focused on the Korean Peninsula, such as targeting the Republic of South Korea for military secrets and South Korean think tanks for policy and security-related information.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.