This year, analysts predict that either North Korea or China likely conducted cyberattacks targeting major government agencies and corporations in South Korea. They suspect that the hacking attempts primarily focused on telecommunications companies widely used by South Korean citizens. Reports indicate that these hacking groups employed sophisticated tactics, including indirect attacks through security outsourcing firms.
On Tuesday, the National Intelligence Service (South Korea) stated that the agency that detected the relevant information has completed essential measures in cooperation with related organizations and is continuously tracking the responsible entities.
This follows the recent release of the report titled, APT Down: The North Korea Files, which contains evidence of attacks attributed to hackers believed to be affiliated with North Korea’s Kim Suki group.
The report was compiled based on testimonies from white hat hackers such as cyb0rg and Saber. They reported obtaining a vast amount of data from a virtual workstation and virtual private server (VPS) used by the attacker known as KIM.
Some experts suggest that the attacks may not originate from North Korea and could involve China or a third party. They explain that another hacking group might have disguised itself as Kim Suki in order to erase traces of their activities.
The shared data consist of two main types: logs of attempts to infiltrate the internal servers of the Ministry of the Interior and Safety, the Ministry of Foreign Affairs, the Defense Counterintelligence Command, and several private companies in South Korea; and account information, internal documents, and attack tools obtained by the attackers from the compromised organizations.
Specifically, reports indicate that the Ministry of the Interior and Safety’s Onnara system and the Ministry of Foreign Affair’s email platform became targets. Analysts believe that telecommunications companies, which store user data, were the primary targets among private enterprises. They reportedly attempted to leverage remote access control services from outsourcing firms to carry out their attacks.
The Korea Internet & Security Agency (KISA), which oversees private sector cybersecurity, has urged the industry to remain vigilant.
Although no damage has been reported so far, experts advise caution due to the sophisticated nature of tactics that exploit supply chain vulnerabilities. Kim Suki employs strategies such as spear phishing—targeting specific personnel within organizations—and spreading malware through fraudulent work emails.
As cyberattacks from North Korea and China rapidly increase, analysts emphasize the need to expedite the establishment of a joint public-private response system rather than placing all responsibility on individual companies. The Personal Information Protection Commission has already issued prior notifications regarding penalties to SK Telecom, which suffered a hacking incident.
Some express concerns that the investigation into the SK Telecom hacking incident has progressed too hastily compared to other cases. Others argue that a thorough investigation is necessary to ascertain the actual impact of organized hacking attacks on the targeted organizations and companies.
Meanwhile, in July, the President of South Korea called for close cybersecurity cooperation between the public and private sectors, stating that it is essential for the country to become a leading nation in artificial intelligence (AI). The rapid escalation of attacks utilizing AI appears to have prompted this swift response.
