A North Korea-linked Advanced Persistent Threat (APT) group has breached the Seoul National University Hospital (SNUH), as revealed by the Korean National Police Agency (KNPA). The incident, which occurred between May and June 2021, aimed to steal highly sensitive medical information and personal data, with a particular focus on high-profile individuals who received medical treatment at the hospital.
According to the KNPA, state-sponsored threat actors infiltrated SNUH’s intranet and compromised the personal details of approximately 830,000 patients and staff members, including 17,000 current and former hospital employees. The hospital’s operations were not affected by the attack.
The KNPA attributed the attack to North Korea on the basis of the source IP addresses, the use of specific North Korean vocabulary, and the anonymization techniques employed during the intrusion, all of which matched the tactics, techniques, and procedures (TTPs) observed in previous North Korean operations. While the South Korean police have not explicitly named a specific APT group, local media speculate that the Kimsuky APT was involved.
Yonhap News Agency reported that officials stated, “The origin of the IP address and the method of address laundering used in the attack matched those of North Korean hacking groups used in their previous hacking attacks.”
Kimsuky primarily targets think tanks and organizations in South Korea, but has also targeted entities in the United States, Europe, and Russia. In its most recent campaign, the group focused on nuclear agendas between China and North Korea, topics that are highly relevant to the ongoing conflict between Russia and Ukraine.
The KNPA report reveals that the attackers used at least seven servers in South Korea and other countries to launch the attack. In response, the KNPA warns that North Korean APT groups may attempt to infiltrate information and communication networks across various industries, and urges organizations in the country to implement robust security measures, including effective patch management, stringent system access controls, and strong data encryption.
“We plan to actively respond to organized cyber-attacks backed by national governments by mobilizing all our security capabilities and firmly protecting South Korea’s cybersecurity. This will be achieved through preventive measures, such as information sharing and collaboration with related agencies,” cautioned the KNPA.
“The National Police Agency is mobilizing all its security capabilities against organized nation-state operations while actively responding to them. Through information sharing and collaboration with other agencies, we aim to protect Korea and prevent further damage.”