Hackers target Korea in cyber space

[Image source: Gettyimagesbank]

Pro-Russian hacking groups are targeting and conducting operations against South Korea, blaming its support for the Kyiv regime in Ukraine.

Hacker group Cyber Dragon declared its intent to attack five Korean government departments and financial institutions in June 2024. It specifically targeted Shinhan Financial Group, the Export-Import Bank of Korea, National Police Agency, National Tax Service, and the Korea Customs Service. The group delivered its threat of cyber retaliation after the announcement that Korean President Yoon Suk Yeol would attend the two-day Ukraine Peace Summit held in Switzerland that month.

The IT industry refers to these attackers as cyber-nationalists who launch indiscriminate attacks against nations that oppose their country’s interests, and Korea is an optimal target.

Although Cyber Dragon is not yet well-known in Korea, it is a notorious hacker group that caused a 24-hour outage by massively attacking professional social media platform LinkedIn in February 2023. The reason for the attack was that many LinkedIn users were Westerners who posted anti-Russian content. LinkedIn experienced severe breaches as a result, with over 500 million accounts compromised and 327 million accounts offered for sale on the dark web for 7,000 Bitcoins.

Cyber-nationalist hacker groups are not the only ones declaring war on Korea in cyberspace, with a Chinese-speaking hacker group announcing indiscriminate data leak attacks on Korean academic institutions in January 2023.

The groups are presumed to be pro-China, and include Xiaoqiying, Genesis Day, and Teng Snake. They targeted symbolic institutions such as the Korea Research Institute for Construction Policy and the Korea Archaeological Society.

Xiaoqiying revealed through a Telegram account that it had stolen a total of 54GB of data. In April of the same year, hacker group Uetus announced that it had attacked National Taiwan University, stealing about 25GB of data. This chain of attacks on Korea and Taiwan occurred shortly after the Chinese Embassy in Korea criticized a visit by Korean lawmakers to Taiwan in December 2022.

Korea is an easy target in the cyber realm, with the number of direct-path attacks surging from 200 daily in January 2024 to 450 two months later, according to NetScout, a company providing attack prevention solutions. Although it decreased to 280 in April, it spiked again to 420 in June. Korea faces 100 to 450 DDos attacks daily, with NetScout pointing out the joint Korea-U.S. military exercises in March 2024 and the UN Security Council meeting on North Korean human rights in June as significant contributors to the increasing number of attacks.

NetScout senior manager Richard Hummel warned that Korea is one of the most extensively attacked countries in the world.