North Korean hackers stole 1,014GB of data from South

North Korean hackers stole 1,014 gigabytes of data and documents from a South Korean court network over two years, according to the results of a joint probe released on Saturday.

The entrance to the National Investigation Headquarters in Seodaemun District, central Seoul [YONHAP]

North Korean hackers stole 1,014 gigabytes of data and documents from a South Korean court network over two years, according to the results of a joint probe released on Saturday.

The investigation, which was conducted jointly by the National Police Agency’s National Investigation Headquarters, the state prosecution service and the National Intelligence Service, concluded that the heist was likely carried out by a North Korean hacking group known to South Korean and U.S. intelligence as Lazarus.

The stolen data included detailed personal information, such as names, resident registration numbers and financial records, according to the probe report.

The National Investigation Headquarters said that data was stolen between Jan. 7, 2021 and Feb. 9, 2023 via methods used by North Korean hackers in the past, such as planting malicious computer codes that exploit software vulnerabilities.

According to the investigative team, a total of 1,014 gigabytes of data was taken out of the court’s computer network during this period through eight servers, four of which are located in Korea.

Investigators were able to identify data that had been transmitted overseas through one of the domestic servers and confirmed that 5,171 files had been taken out of the court system through that server.

But the figure represents only 4.7 gigabytes’ worth of stolen files, or 0.5 percent of total stolen data.

Investigators said they were unable to pinpoint which data had been transmitted through the other seven servers as those records had already expired.

An official at the National Investigation Headquarters said that although the first malicious code on the court’s computer network was installed on Jan. 7, 2021, the hackers “had likely been trying to break into the network before this time.”

The official also said that the network’s security logs had been deleted in the interim, making it “impossible to determine the time and route used during the initial intrusion.”

The malware installed by hackers remained undetected for over two years until the court system’s antivirus software was updated, which investigators said led to its discovery.

But investigators also noted that the absence of security records from the time frame that the malware was installed was impeding their understanding of the court network’s weaknesses.

The National Investigation Headquarters said it relayed information regarding which files had been stolen to the judiciary so that people whose personal information had been exposed by the hack could be notified.

The police launched an investigation in December after the judiciary conducted an internal probe into a huge data leak that was only detected after the court computer network found and blocked a malicious code.

Investigators said they are not yet able to determine the motive behind the hackers’ theft of information from the court system.

Lazarus is one of three North Korean hacking groups that breached the internal networks of 10 South Korean defense companies and stole technical data over the past 18 months, according to another recent joint police investigation.

BY MICHAEL LEE [lee.junhyuk@joongang.co.kr]