Chinese hackers hit 12 Korean state institutions over holiday

A Chinese hacking group attacked the websites of twelve state-run or public research institutions over the Lunar New Year holiday after the group threatened to target over 2,000 government agencies.

First Vice Minister of the Ministry of Culture, Sports and Tourism Jeon Byung-geuk, third from left, visited a cyber security center in Daejeon on Jan. 25. [YONHAP]

A Chinese hacking group attacked the websites of twelve state-run or public research institutions over the Lunar New Year holiday, according to Korea Internet & Security Agency (KISA) Wednesday, after the group threatened to target over 2,000 government agencies.

A spokesperson at KISA said that the targets were the subject of “webpage defacement," adding that the agency is looking into the cases.

“We have confirmed that twelve websites were hit by webpage defacement, and we worked to track the intrusion,” the spokesperson said over the phone.

Webpage defacement takes place when hackers break into a web server and replace the hosted website with one of their own.

The following were affected: the Korean Research Institute for Construction Policy; Korean Archaeological Society; Woorimal academic society; Korean Academy of Basic Medicine & Health Science; Association for Studies in Parents and Guardians; Research Institute for Early Childhood Education; Korean Lesson Study Group for Social Studies; Korean East West Mind Science Association; Korean Cleft Lip and Palate Association; Korean Association for the Education and Rehabilitation of the Blind and Visually Impaired; Jeju Education & Science Research Institute; Korean Society for the Study of Educational Principles.

Some of the websites that were attacked show a generic error page while others show a message.

A web page attacked by a Chinese hacking group [SCREEN CAPTURE]

On the Korean Academy of Basic Medicine & Health Science's site, the group identified themselves with Chinese characters reading “Xiaoqiying,” declaring that they have invaded the "Korean internet." Xiaoqiying means warriors of dawn.

Local media outlets have since reported that the group is related to Teng Snake, a hacking organization that targeted government bodies last year.

As for the reason behind the attack, the group mentioned “some streaming stars in Korea” annoying the hackers, claiming that the entity is not related to the Chinese government, according to a statement released on its Telegram account.

KISA revealed IP addresses linked with the attack of the Korean Research Institute for Construction Policy on its security advisory website, with origins in a number of countries including China, the United States, Singapore and Taiwan.

The hacking group has warned that their next target will be KISA, prompting the Ministry of Science and ICT to convene a series of emergency meetings over the holiday.

Science Minister Lee Jong-ho visited Korea Internet Security Center, a hacking and virus response center run by KISA, on Tuesday, to monitor the ongoing response to the attack.

The Ministry of Culture, Sports and Tourism underwent monitoring in the wake of the event Wednesday as the ministry was among the list of potential targets.

None of the affected websites recovered as of the press time Wednesday.

BY PARK EUN-JEE [park.eunjee@joongang.co.kr]