The court has begun notifying the 4,830 victims whose information was leaked due to the hacking of the judicial network by the North Korean hacker group Lazarus.
According to the legal community, on May 22, the Court Administration Office began notifying 4,830 victims about the information leak. From the afternoon of May 21, they informed the victims via text message and post mail about the status of the leaked documents, guiding them on how to deal with potential secondary damage. In early 2023, it was controversial when it was belatedly revealed that the judicial network was infected with malware from Lazarus, known as a hacker group under the North Korean Reconnaissance General Bureau. The server infected with malware temporarily stores litigation documents and other data before deleting them.
The National Investigation Headquarters of the Korean National Police Agency announced that they confirmed the hacking and data leakage of the judicial network as actions from North Korea after conducting a joint investigation with the National Intelligence Service and the Prosecutor’s Office.
The police stated that the intrusion into the judicial network started at least on January 7, 2021, and continued for about two years until February 9, 2023. During this period, North Korea transferred 1,014GB of court data to four domestic servers and four overseas servers. The police found 4.7GB and 5,171 files related to bankruptcy cases outside the judicial network among the leaked data. This means they have confirmed damage to only about 0.5% of the total data leaked.
The court received 5,171 leaked files from the police on May 8 and was able to identify the identities of the document owners by comparing them with personal information left in the government computer system.