NK’s Lazarus hacked South Korean top court: police

gettyimagesbank

North Korean hacking group Lazarus was behind last year's cyberattack on the South Korean top court’s online network, the National Policy Agency said, Monday.

In February 2023, the Office of Court Administration of the Supreme Court discovered signs of a malware infection in servers and commissioned a security company to conduct a malware analysis.

Following allegations that the tactic used in the cyberattack matched North Korean operations, it then cooperated with police and the National Intelligence Service (NIS) to uncover how and what data was leaked.

“Based on Lazarus’ past hacking patterns, we believe that Lazarus is allegedly responsible for the hacking of the Supreme Court’s servers,” Woo Jong-soo, the head of the National Office of Investigation, said during a press conference at its headquarters in Seoul.

“How the intrusion occurred as well as the extent and type of leaked data will be determined through further investigation.”

The Supreme Court handles highly sensitive information of both individuals and companies — not only documents authored by the court but also written accusations, pleas, defenses and preparatory documents submitted by the involved parties.

North Korea’s cyberattacks targeting South Korean public institutions in order to steal sensitive information have been expanding in recent years, prompting urgent calls for countermeasures.

According to the NIS, 80 percent of cyberattacks targeting public institutions have been traced back to North Korea. The past year saw an average of over 1.62 million cyberattack attempts per day, aimed at the public sector. Most recently, a presidential staffer’s private email was compromised by North Korea ahead of President Yoon Suk Yeol's visit to Britain and France last November.

On Monday, the NIS issued a warning against North Korean cyberattacks on semiconductor manufacturers, adding that a North Korean hacking group attacked two South Korean semiconductor manufacturers in December and February, respectively, to steal blueprints of their products and photos of facilities.

It added that North Korea seems to have begun producing its own semiconductors due to difficulties in importing technology for semiconductor production following sanctions and increased demand for developing weapons such as missiles as well as satellites.

“Updating software security and protecting access control systems from hackers is imperative as North Korean hacking groups continue advancing their ingenuity,” the NIS said.