North Korean Cybercriminals Behind Major Hospital Data Breach in Seoul
North Korean hackers have been linked to a data breach at South Korea’s largest hospital, according to the South Korean National Police Agency (KNPA).
In a press release, the police said attackers targeted the Seoul National University Hospital (SNUH) between May and June 2021. In a two-year investigation, the agency traced the attack to North Korea, based on a series of clues, including:
- Intrusion techniques observed in the attacks
- IP addresses that have been independently linked to North Korean threat actors
- Website registration details
- Use of specific North Korean vocabulary and language
The data breach is said to have impacted the personally identifiable information of 831,000 people, mostly patients. About 17,000 former hospital employees were affected as well.
Leaked data includes names, dates of birth and medical records.
Police said the attackers used a vulnerability in the hospital’s online bulletin board to upload files containing malicious code.
Much of South Korea’s media has tentatively linked the attack to Kimsuky, a North Korean state-sponsored hacking group.
“Based on the evidence and the data extracted, we assume that the hackers breached the hospital to gain access to the medical information of prominent figures,” a police official explained.
“We plan to actively respond to organized cyber-attacks backed by national governments by mobilizing all our security capabilities and to firmly protect South Korea’s cyber security by preventing additional damage through information sharing and collaboration with related agencies,” warned the KNPA.