North Korean hackers breached major hospital in Seoul to steal data

The Korean National Police Agency (KNPA) warned that North Korean hackers had breached the network of one of the country's largest hospitals, Seoul National University Hospital (SNUH), to steal sensitive medical information and personal details.

The incident occurred between May and June 2021, and the police conducted an analytical investigation over the past two years to identify the perpetrators.

According to the law enforcement agency's press release, the attack was attributed to North Korean hackers based on the following information:

  • the intrusion techniques observed in the attacks,
  • the IP addresses that have been independently linked to North Korean threat actors,
  • the website registration details,
  • the use of specific language and North Korean vocabulary

Local media in South Korea linked the attack to the Kimsuky hacking group, but the police's report does not explicitly mention the particular threat group.

The attackers used seven servers in South Korea and other countries to launch the attack on the hospital's internal network.

Attack outline (figure)

The police said the incident resulted in data exposure for 831,000 individuals, most of whom were patients. Additionally, 17,000 of the impacted people are current and former hospital employees.

The KNPA press release cautioned that North Korean hackers might attempt to infiltrate information and communication networks across various industries. It emphasized the need for enhanced security measures and procedures, such as implementing security patches, managing system access, and encrypting sensitive data.

“We plan to actively respond to organized cyber-attacks backed by national governments by mobilizing all our security capabilities and to firmly protect South Korea's cyber security by preventing additional damage through information sharing and collaboration with related agencies,” warned the KNPA.

Maui and Andariel

North Korean hackers have previously been linked to hospital network intrusions aiming to steal sensitive data and extort a ransom payment from healthcare organizations.

More specifically, the U.S. government has highlighted the Maui ransomware threat as such, warning the healthcare sector that they should raise their defenses against the North Korean operation.

Soon after this warning, security researchers at Kaspersky linked the Maui ransomware operation to a specific cluster of activity named ‘Andariel’ (aka ‘Stonefly’), believed to be a sub-group of Lazarus.

Lazarus is known for targeting South Korean entities with ransomware since April 2021.