Supreme Court, “Beware of secondary damage” over 1,014GB of personal information leaked

Pay special attention to voice phishing and spam email transmission.
The incident was revealed more than a year after the incident was known… Criticism of delayed response

The Supreme Court said on the 11th, “Please pay special attention to prevent secondary damage” regarding the personal information leak by a North Korean hacking organization.

The Court Administration of the Supreme Court posted on its website this afternoon, ‘Additional guidance on personal information leakage due to infringement of the judiciary’s computer network,’ and said, “To prevent secondary damage such as identity theft, voice phishing, and spam email transmission using leaked personal information, please contact the source.” “Please pay special attention when receiving unclear emails, texts, or phone calls,” he emphasized.

The Ministry of Public Administration and Security said, “According to the results of the investigation notified by the investigative agency on the 8th, there has been an intrusion of malicious code presumed to be the work of a North Korean hacking organization into the internal server of the judiciary computer network since before January 2021.” “It was confirmed that 1,014 GB (gigabytes) of court data had been transmitted outside the judiciary’s computer network as of March,” he explained.

He continued, “The leak was confirmed to be true as 5,171 files related to the rehabilitation case were discovered outside the judiciary’s computer network.”

In addition, “It is presumed that the leaked court data contains a significant amount of personal information, but since detailed personal information details and contact information cannot be immediately identified, the general information identified to date is based on Article 34 of the Personal Information Protection Act and Article 39 of the Enforcement Decree of the same Act. Announce the facts. “In the future, if individual documents are analyzed and specific personal information leakage items are identified, we will quickly take action such as notification and posting in accordance with the law,” he said.

Lastly, he said, “If you have any additional questions or if damage occurs or is expected, please contact the administrative office.”

Previously, in March, the Ministry of Public Administration and Security issued an apology in the name of Minister of Public Administration Cheon Dae-yeop, saying, “The subject of the attack, believed to be related to North Korea, infiltrated the judiciary’s computer network,” and “We deeply apologize for causing great concern to the people.” Posted.

However, some point out that even though the Supreme Court discovered circumstances of data leakage, such as detecting and blocking malicious code in February of last year, it was busy minimizing and concealing the incident without requesting help or notifying external organizations.

The case was first made public through media reports in November of last year, and a joint investigation was launched by the National Police Agency, National Intelligence Service, and Prosecutors’ Office in early December. The apology in the name of Chief Administrative Office Cheon was published only in March of this year, more than a year after the incident.

In response to a reporter’s question, “Is there any separate punishment for the court’s personal information protection officer not reporting the hacking even after being aware of it?” a police official responded, “There are no provisions for criminal punishment for failure to report.” Meanwhile, the National Police Agency’s National Investigation Agency is conducting a national investigation. The headquarters announced that the North Korean hacking organization Lazarus broke into the court’s computer network from before January 7, 2021 to February 9, 2023 and transmitted 1,014 GB of data to the outside.

Among these, the data confirmed to have been leaked are 5,171 documents (4.7GB) related to personal rehabilitation. We were able to restore and uncover one out of eight servers used by Lazarus for hacking. This included a handwritten statement containing personal information such as resident registration number or account number, a report on increased debt and insolvency, a marriage certificate, and a medical certificate.

However, with the exception of 5,171 documents, it is not even known what type of leaked data it is.

The National Police Agency said, “The attacker had been intruding into the court’s computer network since at least January 7, 2021, and the detailed records of the security equipment at that time had already been deleted, so the timing and cause of the initial intrusion could not be revealed.”

[서울=뉴시스]