Similarities found between previous cyberattacks against the South Korean arms industry over the past three years have put South Korean security experts on high alert, as a recent industry report warns of advanced persistent threats posed by more than four hacker groups that have been on the radar since 2010. (Image: Kobiz Media)
SEOUL, Jul. 5 (Korea Bizwire) — Industry experts are warning the South Korean arms industry to ramp up security in preparation for growing cyberattacks in the coming years, while a number of industry sources say some of the previous attacks could have been state-sponsored.
Similarities found between previous cyberattacks against the South Korean arms industry over the past three years have put South Korean security experts on high alert, as a recent industry report warns of advanced persistent threats posed by more than four hacker groups that have been on the radar since 2010.
According to the report from security software provider AhnLab released on Tuesday, security experts at the company found similar patterns in encoding between attacks targeting defense companies that began around 2014, which raises the possibility that a single cell or different hacker groups working in tandem could have been behind previous attacks.
Among the attacks reported between 2011 and 2013, hacker groups including Red Dot, Ghost Rifle and Phantom Squad were found to share similar hacking code.
With the hackers targeting not only the defense industry but also the government, security experts are urging government officials to act upon the intelligence information currently available and prepare for what could become a matter of national security before it’s too late.
“Some hacker groups are targeting not only defense companies but also political and diplomatic branches, which leaves us with the possibility of the attacks being organized by another state, rather than a group of industrial spies,” noted an AhnLab representative.
“As it could lead to confidential information leaks within the defense industry as well as breaches of national security, the government is being urged to take stringent security measures.”
The report also raised the possibility of some of the hacker groups being operated by Korean speakers, as a number of misspelled Korean words and initials likely to refer to a Korean name such as ‘KGH’ were found in hacking code used by Ghost Rifle and Phantom Squad.
Some of the hacking techniques used by the hacker groups mentioned in the report, namely Red Dot, Ghost Rifle and Phantom Squad, include spear phishing and watering hole, the first of which is luring victims with an email that appears to be from someone familiar, while the latter occurs when a hacker plants an infectious malware on a website, which then spreads to visitors while stealing personal information.
During last year’s U.S. election, John Podesta, the campaign chairman of Democratic Party presidential candidate Hillary Clinton, fell victim to a spear phishing attack launched by Russia-based hackers, according to the U.S. intelligence Community.
Hyunsu Yim (hyunsu@koreabizwire.com)
