Police say North Korean hackers stole 42,000 files containing defense info

Posted on : 2016-06-14 17:00 KST Modified on : 2019-10-19 20:29 KST
Files came from chaebol, state-run enterprises and government agencies dating back to July 2014

North Korean hackers stole around 42,000 files containing defense industry information from a computer management system used by large South Korean corporations between 2014 and the beginning of this year, the South Korean police learned in a recent investigation.

“In February of this year, shortly after North Korea’s fourth nuclear weapons test, we received a tip about a computer virus that was presumably developed by North Korea. We responded by launching an investigation in which we learned that North Korea had hacked into the computer management system used by 160 South Korean corporations, state-run enterprises and government agencies between July 2014 and this February,” the cyber investigation department at South Korea’s National Police Agency announced on June 13.

In their investigation, the police found that documents had been stolen from subsidiaries of the Hanjin Group, including Korean Air, and subsidiaries of the SK Group, including SK Networks Service. The documents taken from Korean Air included blueprints for parts used in the F-15 American fighter jet and a manual for a drone used by the South Korean military, while the documents taken from SK included a bid proposal for a South Korean Defense Ministry project to replace aging military communications equipment and internal work-related material, the police said.

“After inquiring with the military and corporations, we were informed that the leaked documents were not critical or classified,” a source with the police said.

The police announced that the IP address used by the hackers was identical to the IP in the Ryugyeong neighborhood of Pyongyang identified during the cyber terror attack on the computer networks of broadcasters and financial firms on Mar. 30, 2013.

Police investigators found that North Korean hackers used a program called “phantom mouse” to exploit vulnerabilities in the South Korean computer management system and to deliver the virus. North Korea developed the “phantom mouse” program by adapting a hacking program from China.

The computer management system that the hackers exploited was developed by a South Korean company and has reportedly been used by a large number of South Korean corporations and government agencies. Once installed, the system enables technicians to manage computers and update software remotely.

“North Korean hackers were able to create as many as 130,000 zombie computers. Rather than stealing documents, they appear to have been gearing up for a large-scale cyber terror attack,” said a source with the police.

“Importantly, companies’ full cooperation is what [helped us] stop a North Korean cyber terror attack from occurring,” the source said.

By Lee Seung-joon, staff reporter

Please direct questions or comments to [english@hani.co.kr]

 
