Target of North Korea is Initech's 'Inisafe Crossweb EX'
PC hacking extends to public institutions, defense, and bio companies
It has been confirmed that the financial security authentication software (S/W) targeted by North Korea's hacking attack exploiting security vulnerabilities is an outdated version of 'Inisafe CrossWeb EX' by Initech, a KT Group financial and security specialist company. This software is widely used for logging in or electronic signatures through joint certificates, and the National Intelligence Service (NIS) urged that security patches be applied promptly to prevent further damage.
On the 30th, the NIS announced that, together with related organizations such as the National Police Agency, Korea Internet & Security Agency (KISA), and the National Security Research Institute, it confirmed that at the end of last year, North Korea exploited vulnerabilities in software from a well-known domestic financial security certificate company to hack more than 210 PCs across about 60 major domestic and international institutions, including government and public agencies, defense, and bio companies.
The software targeted by North Korea's attack was confirmed to be an outdated version of Initech's 'Inisafe CrossWeb EX.' This program is related to electronic finance and public sector certificates and is widely used for certificate processing not only in domestic public and financial institutions but also in shopping malls. According to the NIS, it is estimated that this software is installed on more than 10 million PCs belonging to institutions, companies, and individuals both domestically and internationally.
In particular, because this software is automatically installed when users access websites requiring electronic signatures or electronic financial services, users may not even be aware that they are using it while accessing the service. This means there is a concern that North Korean hackers, having breached the security vulnerability, could remotely spread and infect malware on users' PCs without detection.
After recognizing North Korea's attack, the NIS and KISA began emergency response efforts in January this year and completed a detailed analysis of the malware's operating principles. Based on the analysis data, they conducted actual attack-defense demonstrations and have completed the development of security patches. Initech has also launched an all-out response by thoroughly investigating and supplementing the vulnerabilities, and verified security patches are currently being distributed.
An NIS official stated, "We are currently applying security patches to public and financial institutions using the program in cooperation with related agencies," and repeatedly urged, "We ask the public to promptly update their security programs to the latest versions."
North Korean hacking
Furthermore, the NIS is paying attention to the increasing trend of North Korea's organized hacking attempts targeting vulnerabilities in financial security software and plans to hold a 'Related Agencies Meeting for Preventing Financial Security S/W Breach Incidents' at the Cybersecurity Cooperation Center on the 5th of next month with related organizations. The meeting will include government agencies such as the Ministry of Science and ICT, National Police Agency, KISA, Financial Supervisory Service, Financial Security Institute, and 12 financial security software manufacturers.
An NIS official said, "Thanks to close cooperation with the National Police Agency, KISA, and others, we were able to respond quickly to North Korea's cyberattacks," adding, "We will continue to proactively respond to North Korea's hacking threats through active information sharing and cooperation with related agencies, including sharing the latest hacking cases."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
