North Korean hackers stole data from South Korea court computers: police
Seoul authorities reveal extensive cyber intrusion spanning two years, revealing North Korea's sophisticated cyber warfare tactics aimed at gathering intelligence and earning foreign currency.
North Korean hackers stole sensitive data, including individuals' financial records, from a South Korean court computer network over two years, Seoul police said.
The nuclear-armed North is known to operate an army of thousands of hackers operating both inside the largely isolated country and apparently overseas, and has been blamed for several major cyberattacks in the past.
South Korean national police said on Saturday that the hackers pilfered 1,014 gigabytes of data from a court's computer system from January 2021 to February 2023, citing a joint investigation with the country's spy agency and prosecutors.
The hackers' malware transmitted stolen data, including South Koreans' marriage and personal debt records, to "four domestic and four overseas servers" before it was finally "detected by antivirus software", the national police said in a statement sent to AFP.
The data breach was found to be the work of a North Korean hacking outfit after authorities compared the detected malicious programmes, server payment details and IP addresses with those identified in earlier hacking cases attributed to Pyongyang.
Seoul authorities have retrieved and identified just 4.7 gigabytes of the stolen data, which stored 5,171 documents related to personal debt rehabilitation cases, including marriage certificates and statements about debt and reasons for insolvency, police said.
Cyber warfare escalates
Analysts say the North has stepped up cyberattacks in recent years in a bid to earn hard foreign currency in the face of United Nations sanctions imposed over its nuclear and missile programmes.
According to Seoul, Tokyo and Washington, Pyongyang stole as much as $1.7 billion in cryptocurrency in 2022 alone and supported its weapons programmes in part by gathering information through "malicious cyber activities".
In February, Seoul's spy agency said North Korean spies were using LinkedIn to pose as recruiters and entice South Koreans working at defence companies so the spies could access information on the firms' technology.
North Korea's cyber-programme dates back to at least the mid-1990s, but has since grown to a 6,000-strong cyberwarfare unit, known as Bureau 121, that operates from several countries, including Belarus, China, India, Malaysia and Russia, according to a 2020 US military report.