North Korean hackers infiltrated a South Korean court's computer network over a span of two years, stealing highly sensitive data, including individuals' financial records, Seoul police said.
According to South Korean national police, the hackers stole 1,014 GB of data from the court's computer system between January 2021 and February 2023. The breach came to light following a joint investigation conducted by the national police, the country's intelligence service, and the Prosecutor's Office.
The threat actor had been breaking into the court's computer network since at least January 7, 2021, the police said. The hackers used malware to siphon off data, including crucial personal information such as marriage records and individuals' debt profiles. The stolen data was then transmitted to “four domestic and four overseas servers” before being flagged by antivirus software.
Authorities have attributed the cyberattack to a North Korean hacking outfit, based on the detected malicious software, server payment details, and IP addresses previously linked to hacking incidents attributed to Pyongyang.
Despite efforts to contain the breach, only a fraction of the stolen data (approximately 4.7 GB) has been retrieved and identified by Seoul authorities. This cache of stolen data reportedly includes over 5,000 documents pertaining to personal debt rehabilitation cases, encompassing marriage certificates, debt statements, and explanations for insolvency.