The Korea Internet & Security Agency (KISA) announced on the 25th that it has released a new version of the hacking diagnosis tool that allows private corporations to check for hacking incidents with just one click, in collaboration with the Ministry of Science and ICT.
In 2023, KISA developed and distributed a Windows-based hacking diagnosis tool that allows corporations to independently verify hacking incidents. Last year, it released an improved official version based on expert feedback from the beta version, and it has continued to enhance functionality since then.
The newly released version of the distribution includes additional features to assist Windows users, such as ▲adding Windows evidence data collection items ▲improving detection rule creation functions ▲incorporating new detection rules. Additionally, as the usage rate of Linux servers in the country has reached 29.7%, a Linux version has also been added to significantly expand its scope of use.
The Linux operating system diagnosis tool can automatically collect intrusion evidence data such as ▲process information ▲metadata ▲system logs, making it easy for non-experts to use. The hacking diagnosis tool automatically analyzes key evidence data such as attempts to access administrator accounts and attempts to leak data, presenting a three-step intuitive judgment on whether hacking has occurred.
Using corporations can report to KISA if hacking is suspected based on the results of the hacking diagnosis tool inspection, allowing them to receive technical support for intrusion incident analysis, from root cause analysis to establishing preventive measures. Detailed usage instructions and application methods for the hacking diagnosis tool can be found on the KISA Protect Nation website.
Park Yong-kyu, head of KISA's Threat Analysis Division, noted, "With the release of the hacking diagnosis tool that supports both Windows and Linux operating systems, we expect that corporations will be able to strengthen their capabilities for self-examination and analysis of hacking incidents," and added, "We will continue to expand the diagnostic tools so many corporations can diagnose and prevent hacking incidents on their own, and we will spare no technical support."