N. Korea suspected of hacking S. Korean military’s cyber command

North Korean leader Kim Jong Un is surrounded by his officials in this undated photo released by the Korean Central News Agency.


By KIM GAMEL | STARS AND STRIPES Published: December 6, 2016

SEOUL, South Korea — North Korea apparently hacked into the South Korean military’s internal cyber network in the first-ever such breach, officials said Tuesday.

The incident happened in September, but military officials initially played down reports.

An investigation showed some classified military materials had been compromised, the Ministry of National Defense confirmed Tuesday.

“It is assumed that this was the work of North Korea,” ministry spokesman Moon Sang-gyun told reporters.

He did not provide details, but the Yonhap News Agency reported the malware had been traced to an Internet Protocol address in Shenyang, China, where many North Korean hackers are believed to be based.

“It is our understanding the hackers hacked into the military’s internal network from an IP address in Shenyang,” Yonhap quoted a military source as saying. “The malicious code used in the hacking is similar to the code used in several computer breaches.”

Pyongyang has been blamed for numerous cyberattacks against the U.S. and South Korea. One of the most high-profile was against Sony Pictures in 2014 when employees’ personal information and email exchanges were released online.

North Korea denied responsibility, but the FBI said malware found on Sony computers shared codes that had been previously used by North Korean suspects.

South Korea’s military previously had said its internal network was safe from breaches because it is separate from the rest of the internet.

But the hackers may have been able to gain access by exploiting a weak point when users got into the internal network from outside the system, Yonhap reported.

In 2010, South Korea set up a cyber command center in a bid to counter the hacking attempts against the military.

Yonhap quoted the cyber command as saying it had isolated the affected server from the whole network to avoid the spread of viruses, but it has yet to fully determine the extent of the leak.

Stars and Stripes staffer Yoo Kyong Chang contributed to this report.

Twitter: @kimgamel