[Asia Economy Reporter Seungjin Lee] A Chinese hacker group has announced additional hacking attempts. To reduce hacking damage, it is necessary to follow security guidelines such as using different passwords for each site.
2,000 Domestic Government Agencies, Media Outlets, and Others Targeted
The hacker group ‘Xiaoqiying (晓骑营; meaning “Dawn Cavalry”),’ presumed to be based in China, was confirmed to have hacked the websites of 11 academic societies and scholarly organizations during the Lunar New Year holiday, including the Korea Construction Policy Institute, the Korean Language Society, and the Korean Archaeological Society.
Xiaoqiying displayed the logo ‘Cyber Security Team’ in English and Chinese along with ‘Xiaoqiying’ and posted the message “Declaring cyber intrusion into Korea” on each organization’s homepage. The group has named about 2,000 domestic government agencies, media outlets, and others, including the Korea Internet & Security Agency (KISA), as its next targets.
Security experts believe that, based on the scale and techniques of the hacking revealed so far, it is unlikely to lead to a large-scale cyberattack. The hackers appear to have targeted the websites of organizations left vulnerable by delayed security program upgrades and to have taken over their operational management privileges.
No Security Issues in Major Sites like Naver
Although the hacking threat is increasing, no unusual security issues have been reported at major domestic sites such as Naver and Kakao. The security industry believes that, at the level of hacking Xiaoqiying has demonstrated, it would be difficult to breach the security of major domestic sites where security programs are frequently upgraded.
AhnLab checked whether hacking attempts from China have increased this month, but hacking attempts using Chinese IPs were at a level similar to December last year. Since attackers disguise their locations by spoofing IPs, it is difficult to determine from IP addresses alone whether an attack originates from a specific country. Even so, despite the threat from Xiaoqiying, no unusual activity has been observed yet.
The security levels of major sites are steadily being strengthened. For example, Naver operates login services such as ▲login-only IDs ▲two-step authentication ▲one-time login/QR code. It has also piloted a ‘passwordless’ login method that allows login through ‘identity verification’ instead of passwords.
The Problem Is Using the Same ID and Password
Security experts urge users to follow security guidelines to reduce hacking damage.
The biggest problem is using the same ID and password across multiple sites. If a hacker group persistently targets only vulnerable sites and steals users’ IDs and passwords there, the high security levels of other sites become useless.
Recently, the Personal Information Protection Commission issued a warning about ‘credential stuffing’ attacks, in which hackers randomly input already leaked accounts and passwords into other sites to extract additional personal information. Not long ago, accounts at Gmarket were hijacked through credential stuffing, leading to financial damage.
Users should also be cautious of hacking attacks impersonating trusted services like Naver and Kakao. According to emails disclosed by ESTsecurity, an email titled “Logged in from an overseas location” was sent earlier this month, disguised as coming from the Kakao team. If users entered personal information as instructed in the email, it was transmitted to the attacker’s server.
An AhnLab official advised, “To prepare against damage such as personal information theft, users should ▲use different passwords for each site ▲utilize two-factor authentication ▲avoid executing URLs or attachments from unknown sources, and follow basic security guidelines.”
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.



