North Korea's Hacking Attack on Security Software 'Magicline'
Over 50 Public Institutions and Companies Infected with Malware
National Intelligence Service Urges "Immediate Deletion or Security Update"
North Korea's Reconnaissance General Bureau has been attempting continuous hacking attacks by exploiting vulnerabilities in security software used for joint certificate login. According to intelligence authorities, more than 50 public institutions and companies have been infected with malware so far.
The National Intelligence Service (NIS) announced on the 28th that North Korea's Reconnaissance General Bureau is attempting hacking attacks by exploiting security vulnerabilities in the well-known domestic security authentication software 'MagicLine4NX (MagicLine)'. MagicLine, targeted by North Korean attacks, is a program installed on PCs for identity verification when logging in using joint certificates on websites of national and public institutions, financial institutions, and others.
North Korean Hacking Attacks
An NIS official explained, "Once the software is installed on a PC, it automatically runs unless the user updates or deletes it separately," adding, "Because of this, if a security vulnerability is exposed, hackers can exploit it as a continuous hacking route." He urged, "The software should be updated or deleted promptly."
The NIS, after conducting investigations with the National Police Agency, Ministry of Science and ICT, and Korea Internet & Security Agency (KISA), confirmed that the Reconnaissance General Bureau has been exploiting vulnerabilities in the MagicLine software since the end of last year. It has been identified that PCs in more than 50 public institutions, defense and IT companies, and media outlets have been infected with malware, and detailed damage such as information leakage from infected PCs is under further investigation.
According to the NIS, although the software developer released a security patch in March this year, the PC update rate remains low, increasing concerns about hacking damage. An NIS official stated, "The National Cyber Crisis Management Group, a joint civilian-government cyber response organization, is focusing on blocking the damage," and emphasized again, "Above all, public preventive measures are important, so please promptly delete or update the software."
Meanwhile, the Reconnaissance General Bureau, identified as the mastermind behind this hacking attack, is an intelligence agency affiliated with the Ministry of People's Armed Forces and is a de facto terrorist organization that oversees various operations targeting South Korea and overseas factories. Under the Reconnaissance General Bureau operate hacker groups such as Kimsuky and Lazarus, widely known for hacking to steal virtual assets for North Korea's foreign currency earnings.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
