Korean security company SK shieldus suffered a breach in which internal data was leaked externally after a hacking attack. The company first explained that only a "virtual environment (honeypot)" had been breached, but it later emerged that documents related to actual work were among the leaked data.
According to security industry sources on Oct. 19, SK shieldus formally reported a cyber intrusion to the Korea Internet & Security Agency (KISA) at 10 a.m. the day before. The U.S.-based hacking group "Black Shrantac" claimed on Oct. 17 via the dark web that it had stolen about 24GB of data from SK shieldus and released images of some files. The group said the haul included client information, system diagrams, HR and payroll data, security technology documents, and API authentication keys.
In the early stages of the incident, SK shieldus said that the area accessed by the hacker was a honeypot for detecting hacks and was unrelated to the actual internal network. A honeypot is a virtual system intentionally set up to identify attackers' patterns.
However, a later investigation found an unexpected vulnerability. On a virtual machine (VM) connected to the honeypot, an employee's personal email account was automatically logged in, and some actual work documents were reportedly leaked externally through this path.