The National Intelligence Service recently captured the fact that North Korean hacking organizations are using advanced hacking methods to steal confidential materials and core technologies from major state agencies and advanced corporations, and urged caution within related industries on the 4th.
According to the National Intelligence Service, the North Korean hacking organization is attacking the software supply chain through three methods: penetrating agencies and corporations via IT service provider hacks, exploiting vulnerabilities in IT solutions and software, and hacking targeted at security management gaps.
If the security of IT service providers is weak, even if the security systems of customer corporations are well established, they can still be exposed to hacking damage. In fact, last October, the North Korean hacking organization hacked the employee email of a local government's network maintenance company A and stole server access accounts, then unauthorized access to the remote management server of the local government's network in an attempt to steal administrative data. Accordingly, IT service providers need strengthened security training, blocking external access routes, and enhanced authentication measures.
The North Korean hacking organization is trying to leak a large amount of internal information by exploiting security vulnerabilities in IT solutions. Earlier this month, they exploited security flaws in company D's electronic payment and communication groupware used for defense collaboration to install malicious code and attempted to steal internal materials such as employee emails and network configurations. To prevent this, software security patches, prohibition of administrator account access via the internet, and periodic vulnerability checks are needed.
The National Intelligence Service pointed out that easy-to-guess initial passwords and poorly secured administrator pages become major targets for North Korean hacking organizations. In February, they exploited the fact that the administrator page of mobile identification provider E was easily accessible online, analyzed vulnerabilities using a security search engine, and gained unauthorized access with administrator privileges. Accordingly, agencies and corporations should enhance inspections using security checklists and strengthen security training.
To block cyber threats, the National Intelligence Service provides related information through the National Cyber Security Center website and the Cyber Threat Information Sharing System (KCTI).
Yoon Oh-jun, Deputy Director of the National Intelligence Service, noted, "Attacks on software supply chains can lead to widespread damage, so both IT providers and users must remain vigilant," and added, "The government has been operating a 'Joint Government Supply Chain Security Task Force' since last September and will institutionalize the software supply chain security system by 2027 to lead the advancement of security."