The National Intelligence Service (NIS) revealed on Tuesday that the hackers behind recent attempts to access government internal networks, including the Onnara system, are believed to be the North Korean group known as Kimsuky.
Intelligence reports indicate that these hackers also targeted the Office for Government Policy Coordination and the Ministry of Unification. The NIS further noted potential links to China and is actively investigating other forces involved in these cyber operations.
Following a closed-door National Assembly intelligence committee session at NIS headquarters in Seoul, Representatives Park Sun-won of the Democratic Party and Lee Seong-kwon of the People Power Party briefed reporters on the NIS findings.
Rep. Park stated that the NIS has identified the North Korean hacking group Kimsuky as the primary threat actor, based on reports from the cybersecurity publication Phrack.
Addressing the China connection, Rep. Park elaborated that beyond Kimsuky’s involvement, they’ve observed that hacking activities cease during Chinese holidays. The attackers are translating Korean into Chinese, and the malware signatures match those previously attributed to Chinese state-sponsored groups. This has led us to broaden its investigation to include other potential hostile actors.
Detailing the scope of the cyber intrusions, Park reported that the hackers successfully penetrated systems at the Office for Government Policy Coordination and the Ministry of Unification. They also accessed source code within the Foreign Ministry’s email servers. They’ve detected and thwarted multiple infiltration attempts targeting the prosecution service and counterintelligence agencies.
He assured that no data breaches have been confirmed thus far.
Regarding the massive SK Telecom customer USIM data hack, Park disclosed that through joint efforts with foreign intelligence agencies, they’ve pinpointed four transit points for the stolen data, with confirmed connections to China. Its actively mapping the attack vectors and pursuing the perpetrators.
The NIS emphasized its ongoing efforts to counter state-sponsored hacking attempts targeting critical technologies, including reconnaissance drones, air defense systems, liquefied natural gas (LNG) tankers, and advanced battery designs.