SEOUL, Dec. 7 (Korea Bizwire) – Military investigators looking into the first hacking of South Korea’s cyber command intranet said Wednesday the suspected North Korean attackers accessed the network through a server at the armed forces’ main information center.
The findings raised concerns that confidential information may have been compromised as the affected server is connected with the information systems of the Army, Navy and the Air Force. But the ministry said information saved on the server system was not stolen.
A total of 3,200 computers, including 700 linked with the intranet, were contaminated with malware in the latest cyber attack, which occurred on Aug. 4, the Ministry of National Defense said.
It said some military documents were hacked while refusing to provide details. The computer used by Defense Minister Han Min-koo was also affected, the official said.
On Tuesday, the ministry said the IP addresses linked to the attack were traced to a location in China that has been used by North Korean hackers.
“As one of the military’s two integration servers was jointly linked to the internet and the intranet, it allowed the hackers to gain access to the intranet,” a ministry official said.
It is one of two servers the military operates. The other server involves information for the defense ministry, the Defense Security Command and the Defense Acquisition Program Administration (DAPA).
“We are still in the process of determining what data were leaked. We found the hackers infiltrated the intranet using the main server but information in the server remains intact,” the official said.
The cyber command separated the affected server from the whole network to avoid the spread of viruses in October, two months after the initial hacking attempt was made in August.
It marked the first time that the data of South Korea’s cyber command has been compromised. South Korea set up the command in January 2010 as part of its efforts to counter external hacking attempts on the country’s military.
North Korea — which has thousands of cyberwarfare personnel — has a track record of waging cyberattacks on South Korea and the United States in recent years, though it has flatly denied any involvement.
(Yonhap)