The Korean National Police Agency (KNPA) warned that North Korean hackers had breached the network of one of the country's largest hospitals, Seoul National University Hospital (SNUH), to steal sensitive medical information and personal details.
The incident occurred between May and June 2021, and the police conducted an analytical investigation over the past two years to identify the perpetrators.
According to the law enforcement agency's press release, the attack was attributed to North Korean hackers based on the following information:
- the intrusion techniques observed in the attacks,
- the IP addresses that have been independently linked to North Korean threat actors,
- the website registration details,
- the use of specific language and North Korean vocabulary.
Local media in South Korea linked the attack to the Kimsuky hacking group, but the police's report does not explicitly name the particular threat group.
The attackers used seven servers in South Korea and other countries to launch the attack on the hospital's internal network.
The police said the incident resulted in data exposure for 831,000 individuals, most of whom were patients. Additionally, 17,000 of the impacted people are current and former hospital employees.
The KNPA press release cautioned that North Korean hackers may attempt to infiltrate information and communication networks across various industries. It emphasized the need for enhanced security measures and procedures, such as applying security patches, managing system access, and encrypting sensitive data.
"We plan to actively respond to organized cyber-attacks backed by national governments by mobilizing all our security capabilities and to firmly defend South Korea's cyber security by preventing additional damage through information sharing and collaboration with related agencies," warned the KNPA.
Maui and Andariel
North Korean hackers have previously been linked to hospital network intrusions aiming to steal sensitive data and extort a ransom payment from healthcare organizations.
More specifically, the U.S. government has highlighted the Maui ransomware threat as such, warning the healthcare sector that it needs to raise its defenses against the North Korean operation.
Soon after this warning, security researchers at Kaspersky linked the Maui ransomware operation to a specific cluster of activity named 'Andariel' (aka 'Stonefly'), believed to be a sub-group of Lazarus.
Lazarus is known for targeting South Korean entities with ransomware since April 2021.