North Korean hackers stole 1,014 gigabytes of data and documents from South Korea's court network over two years, according to the results of a joint investigation announced Saturday.
The investigation, conducted jointly by the National Police Agency's National Investigation Headquarters, the National Prosecutor's Office, and the National Intelligence Service, concluded that the theft was likely carried out by a group of North Korean hackers known to South Korean and U.S. intelligence agencies as “Lazarus.”
According to the investigation report, the stolen data included detailed personal information such as names, civil registration numbers, and financial records.
According to the National Investigation Headquarters, the data was stolen between January 7, 2021 and February 9, 2023 using the same methods previously used by North Korean hackers, including planting malicious computer code that exploited software vulnerabilities.
According to the investigation team, a total of 1,014 gigabytes of data was exfiltrated from the court's computer network through eight servers, four of which were located in South Korea, during this period.
Investigators were able to identify data sent overseas through one of the domestic servers and confirmed that 5,171 files were removed from the court system through that server.
However, this number represents only 4.7 gigabytes' worth of stolen files, or 0.5 percent of all stolen data.
Investigators said they were unable to determine what data was sent through the other seven servers, as the records for those servers had already expired.
An official from the National Investigation Headquarters said that while the first malicious code was installed on the court's computer network on January 7, 2021, the possibility that the hackers “may have been trying to infiltrate the network even before then” is high.
The official also said the network's security logs have been deleted in the meantime, making it “impossible to determine the time and route used during the initial intrusion.”
The malware installed by the hackers went undetected for more than two years until the court system's antivirus software was updated, leading to the discovery, investigators said.
But investigators also noted that a lack of security records from the period the malware was installed hinders efforts to understand weaknesses in the court network.
The National Investigation Agency said it had passed information on which files were stolen to law enforcement authorities so that people whose personal information was compromised in the hack could be notified.
Police began investigating in December after the judiciary conducted an internal investigation into a major data breach, which was discovered only after the court's computer network detected and blocked the malicious code.
Investigators said they have not yet determined the hackers' motive for stealing information from the court system.
Lazarus is one of three North Korean hacker groups that broke into the internal networks of 10 South Korean defense companies and stole technical data over the past 18 months, according to a separate recent joint police investigation.
Written by Michael Lee [lee.junhyuk@joongang.co.kr]