North Korean hacker organization invades court computer network and hacks 1,014GB of personal information

Court recognized hacking in February last year but failed to report it
After reporting at the end of last year, a joint investigation by investigative agencies began.
Hacker organization ‘Lazarus’ committed crime using 8 servers
5,171 personal rehabilitation documents leaked… The rest cannot be confirmed

It was confirmed that the North Korean hacker organization Lazarus hacked 1,014 GB of data from the court computer network. There are concerns about secondary damage as a large number of documents containing citizens’ personal information have been leaked.

On the 11th, the National Investigation Headquarters of the National Police Agency announced that Lazarus broke into the court computer network from before January 7, 2021 to February 9, 2023 and transmitted 1,014 GB of data to the outside.

Among these, the data confirmed to have been leaked are 5,171 documents (4.7GB) related to personal rehabilitation. We were able to restore and uncover one out of eight servers used by Lazarus for hacking.

This included handwritten statements containing personal information such as resident registration numbers and account numbers, reports of increased debt and insolvency, marriage certificates, and medical certificates.

The National Police Agency said, “The attacker had been intruding into the court’s computer network since at least January 7, 2021, and the detailed records of the security equipment at that time had already been deleted, so the timing and cause of the initial intrusion could not be revealed.”

Excluding 5,171 documents, it is not even known what type of leaked data it is.

An official from the National Police Agency said, “The computer network intrusion period lasted until February of last year, but the investigation began in December of last year, long after the crime occurred.” He added, “When I looked for the data later, I found that many parts had already been deleted, so I was only able to find some of them.”

Previously, the National Court Administration took its own security measures without reporting it to the investigative authorities even though it was aware of the attack on the judiciary’s computer network in February of last year. When the hacking was reported in late November last year, the National Police Agency, National Intelligence Service, and Prosecutors’ Office began a joint investigation in early December.

When the investigative agency announced that the hacking was the work of North Korea, the National Court Administration said in March, “The subject of the attack, believed to be related to North Korea, has infiltrated the judiciary’s computer network. We deeply apologize for causing great concern to the public.” He posted an apology saying, “I offer you this.”

In response to a reporter’s question, “Is there any separate punishment for the court’s personal information protection officer not reporting the hacking despite being aware of it?” a police official responded, “There are no provisions for criminal punishment for failure to report.”

The investigative agency concluded that this incident was the work of a North Korean hacking organization after comparing and analyzing the North Korean malicious program used in the crime, rental server payment details through virtual assets, and IP addresses, etc. with existing hacking incidents from North Korea.

It was discovered that the same malicious program was used in all of these incidents.

The police will provide 5,171 leaked files to the National Court Administration to notify victims whose personal information has been leaked, and will continue to track virtual assets, which are the funds for the hacking organization’s activities, through close cooperation with relevant domestic and foreign agencies.

[서울=뉴시스]