North Korea Behind Hospital Data Breach in Seoul

Saturday, 13 May 2023

Sensitive medical information and personal details have been stolen from Seoul's National University Hospital (SNUH), and North Korean hackers have been found to be behind the attack. The incident happened back in May 2021, and police from the Korean National Police Agency (KNPA) have spent the last two years working feverishly to identify the perpetrators.

In its press release, the law enforcement agency attributed the attack to North Korean hackers based on the following information:

  • the intrusion techniques observed in the attacks,
  • the IP addresses that have been independently linked to North Korean threat actors,
  • the website registration details,
  • the use of specific language and North Korean vocabulary

Although the KNPA did not explicitly state which North Korean hacking group was behind the incident, South Korea's local media networks attributed the attack to the Kimsuky hacking group. Seven servers located in South Korea were utilised in the attack, and the personal details of 831,000 individuals were exposed. Of those impacted, 17,000 were either current or former hospital staff.


The KNPA press release warned that North Korean attackers may try to compromise communication and information networks across various industries in the near future. It emphasised a nationwide need for additional security measures, highlighting the fact that cybercrime can affect all businesses.

"We plan to actively respond to organised cyberattacks backed by national governments by mobilising all our security capabilities and to firmly protect South Korea's cybersecurity by preventing additional damage through information sharing and collaboration with related agencies," said the KNPA.

Hackers from North Korea have previously attacked hospital networks, with the aim of extorting ransom payments from healthcare organisations in exchange for sensitive data. The U.S. government drew attention to the Maui ransomware, warning that all healthcare providers worldwide need to heighten their security measures.

