06.01.2023 Author: Konstantin Asmolov

South Korea and its cyber front

Generally, when it comes to cybercrime, the author writes about North Korean hackers, but an overview of what the issue of hackers in the ROK in general looks like is also noteworthy.

First, some general statistics on hacker attacks in the ROK.  Back in 2021, following the attempted hacking of the Korea Atomic Energy Research Institute and Korea Aerospace Research Institute servers, the National Intelligence Service conducted a special inspection of some 20 of the country’s most important government agencies. As a result, 34 cyberattacks against the Korea Electric Power Corporation were detected. The number of attempts to hack into government and public servers has almost quadrupled in the past five years, to an average of 1,620,000 per day.

The ROK National Intelligence Service has disclosed data on damage to South Korean companies prevented in 2021, when attempts had been made to steal advanced industrial technology and designs. According to it, from January to September 2021, a total of 14 cases worth 1.783 trillion won (USD 1.5 billion) of leaked trade secrets were detected. Seven of these were in leading chip and display industries, and interest in the theft of relevant designs increased from 29% in 2017 to 50% in 2020.

In 2017-2021, 89 cases of industrial technology leakage were detected and the amount of damage prevented is estimated at 19.44 billion won. Of these, 29 incidents (32.6%) involved the loss of key technology, which has a negative impact on national security and the economy.

According to data provided by the Financial Security Institute in February 2022, nearly 1,100,000 cyber attacks were launched against 17 South Korean commercial banks between 2017 and 2021. Between 2017 and 2018, the number of cyberattacks more than tripled, from 63,000 to more than 210,000.

Analysis of IP addresses showed that 34.7% of cyberattacks originated in China, followed by the ROK, the US, India and France. Thanks to robust security, the banks’ internal servers were not compromised.

According to a Ministry of the Interior report in September 2022, 558,674 attempts to hack into key government computer systems were detected between 2017 and July this year.

Analysis of Internet protocols showed that 127,908, or 22.9%, of detected hacking attempts came from the PRC, while 113,086, or 20.2%, came from the US. Hacking attempts within the ROK accounted for 8.5%, followed by Russia (4.7%), Germany (2.8%) and Brazil (2.4%).

According to the ROK parliamentary defense committee, the number of hacking attacks on the Defense Acquisition Program Administration (DAPA), which oversees South Korea’s latest military technology and weapons development, has steadily increased in recent years. It was found that 4,592 attacks were launched from IP addresses in China (33%), 2,928 from the US, 929 from South Korea, 514 from India, 405 from the UK and 358 from Canada.

It was noted that as a result of last year’s malicious activities, attackers may have stolen technical information on Korea’s most advanced KF-21 fighter jet, as well as submarine blueprints.

In March 2022, ransomware group Lapsus$ claimed it had successfully hacked into Samsung Electronics, stealing up to 190 gigabytes of confidential data, including source code. The stolen information was reportedly uploaded for downloading online via torrent.

On December 15, 2022, the ROK Ministry of Industry announced that South Korea’s largest public institutions in industry, trade and energy were subjected to 1,603 hacking attempts in the first 11 months of the year. The Ministry did not disclose other details, including the names of institutions or whether the attacks had been successful.

On December 26, the Ministry of Science and ICT disclosed that a total of 1,045 cyberattacks were reported to authorities in the first 11 months of 2022, up from 640 in 2021. The number of cyber threats increased by more than 60% in 2022 compared to a year earlier due to an increase in ransomware attacks that encrypt victims’ files and demand ransom payments. Attacks of this kind accounted for 303 cases, or 29%. In addition, 90% of ransomware victims were SMEs and only 41.8% had systems in place to protect against such attacks. The number of DDoS attacks has also steadily risen to 48 cases, “up sharply from nine a year ago”.

A separate major problem is phishing, which, according to a BI.ZONE study, ranks second among all types of cybercrime. In mid-October 2021, experts of global antivirus vendor ESET conducted a test that found that 60% of internet users could not distinguish between a phishing email and a regular email. Users over the age of 65 had the most problems, with only 28% being able to recognize the fraud.

Very often phishing was disguised as a message on behalf of the Korea Disease Control and Prevention Agency saying “as a victim of the effects of the coronavirus pandemic, you are entitled to compensation from the government, please provide your personal details and a photo of your bank card”.

Voice phishing also refers to electronic fraud, in which people are tricked into revealing important financial or personal information to fraudsters over the phone. Money transfer fraud makes up the majority of phishing crimes.

The amount of damage caused by phishing has more than tripled from 247 billion won in 2017 to 774.4 billion won (USD 538 million) in 2021, according to the ROK Prosecutors Office.

A new problem that has received a lot of attention lately is the hacking of the “internet of things,” usually smart home cameras to get compromising videos for sale or blackmail. In November 2021, unknown hackers distributed several video files that recorded the private lives of residents in some 700 residential complexes across the country by manipulating the video function on wall panels; the files contained not only everyday activities but also sex scenes.

But while the public is more concerned about privacy, from a terrorism perspective, access to control of the heating, gas, lighting etc. provides very interesting opportunities… And here the experience of the Busan Ilbo newspaper, whose hired programmer students hacked into the system of a residential complex built in 2018 in a day, is interesting. The hackers were able to open the door of one flat and peek into another through a camera set up for video calls between residents; they were also able to turn the gas and lights on and off.

In December 2021, the ROK National Intelligence Service confirmed that an automated facilities management system server installed at a residential complex in Seoul had not just been hacked, but had been turned into a stopover for attacks on Internet servers in 40 countries.

On January 19, 2022, intelligence said it had allegedly identified more than 100 sets of Internet of Things equipment that were infected with the Mozi botnet. The infected equipment could be used in DDoS attacks, and included CCTV televisions, internet routers and digital video recorders.

Now about how the ROK is dealing with this. Speaking at a ceremony marking Information Security Day on July 13, 2022, President Yoon Suk-yeol said cybersecurity is a key element of national security. Yoon Suk-yeol has promised to create a so-called reserve force for cyber warfare, modelled on Israel’s military-academic Talpiot program. After leaving the unit, it will be possible to continue in the Armed Forces or take up civilian service.  In addition, the head of state intends to speed up the Republic of Korea’s accession to the Budapest Convention on responding to cybercrime.

In this context, the ROK authorities intend to train a total of 100,000 highly qualified cyber security specialists over the next five years, against the backdrop of increasing threats in this field. Plans to do so have been announced by the Ministry of Science and Information and Communication Technology. It focuses on educating 100,000 cyber security practitioners, training 2,000 high-level subject matter experts and supporting 25 of the most promising start-ups in the field. For this purpose, specialized educational programs and courses will be set up in universities and postgraduate institutions to provide selection and step-by-step training.

On October 17, 2022, the authorities announced that the Republic of Korea’s Office of National Security had decided to form a cyber security task force to protect the country’s security agencies’ facilities. The decision follows the leak of limited data on South Korean soldiers and prosecutors through vulnerabilities in the Korean messenger KakaoTalk.

The ROK has been actively cooperating with other countries (primarily the US) on this issue, both under Moon and Yoon.  For example, on July 16, 2021, South Korea said it would follow up on a recent summit agreement between Presidents Moon Jae-in and Joe Biden to establish a cybersecurity working group with the United States to strengthen cooperation against hacker attacks.

From April 19 to 22, 2022, the ROK National Intelligence Service participated in the world’s largest cyber security exercise, Locked Shields 2022, organized by the NATO Cyber Defense Center. To this end, the intelligence service trained a combined team of 70 people from 8 private, government and military agencies to counter attacks on computer networks of satellite communications, energy, industry, financial sector facilities and other areas.

On May 5, 2022, the ROK National Intelligence Service joined the Cyber Defense Group under NATO (CCDCOE), based in Tallinn.  The ROK thus became the first Asian country to join the unit, which was established in 2008 at Estonia’s initiative in response to hacker activity. In 2020 and 2021, the ROK participated in the largest international cyber defense exercise Locked Shields, organized by the aforementioned cyber center.

In August 2022, South Korean Minister of Defense Lee Jong-sup and Cyber Command Commander and Director of the US National Security Agency General Paul Nakasone met and agreed to enhance cooperation on cybersecurity, including through information sharing, regular exercises and training on cyber defense.

In October 2022, to increase the preparedness of Washington and its allies, eighteen members of the South military took part in a Cyber Flag exercise in Virginia.

In November 2022, the ROK held a remote multinational cyber security exercise involving the United States, China and Russia as part of a virtual two-day ASEAN cyber security expert working group session. Participants worked together to address fast-growing cyber threats such as ransomware, as well as malware analysis and analysis of Windows infringement incidents.

On November 28, Minister of Science and ICT Lee Jong-ho met with European Commissioner for the Internal Market Thierry Breton by video conference to sign an agreement to step up joint work in the fields of cybersecurity, quantum technologies, high-performance computing and semiconductors as part of a digital partnership.

On June 23, Prosecutors Office announced it would form a joint investigation team with relevant agencies (National Police Agency, Financial Services Commission, Financial Supervisory Service and Korea Communications Commission) to launch a massive crackdown on voice phishing fraud.

On December 8, 2022, South Korea’s Ministry of Science and ICT said it had adopted new software to block phone number spoofing and prevent text messaging fraud to help people better deal with fraudulent phone calls or voice phishing and easily report fraudulent text messages to authorities through their smartphones.

As can be seen from the above, the Pyongyang hackers are far from a first-priority threat. On the other hand, the justification for increased cyber preparedness by intrigue from the North works well, and the next article will focus on how the global community is dealing with cyber threats – both fictional and real – from the DPRK.

Konstantin Asmolov, PhD in History, leading research fellow at the Center for Korean Studies of the Institute of China and Modern Asia, the Russian Academy of Sciences, exclusively for the online magazine “New Eastern Outlook.

Related articles: