Two Daejeon City Management Servers Hacked in June Last Year
No Data Leakage or Damage Reported at the Time
Issue Highlighted as 'Negligence in Management' in Joint Government Audit
The servers managed by Daejeon City were found to have been infected with malware and used for purposes such as cryptocurrency mining, as pointed out in a joint government audit.
According to Daejeon City on the 16th, the malware infection occurred on two servers on June 2nd of last year. One server was infected with malware capable of mining cryptocurrency due to the exposure of the administrator account password. The other server was investigated to have been used as a hacking relay point to further infect malware.
The Daejeon City Cyber Incident Response Team detected abnormal communication status of the servers on the 9th of the same month, isolated the servers' network, and the next day confirmed the malware and reported the server breach to the National Intelligence Service and others, thereby managing the incident.
It was confirmed that there was no information leakage or service disruption caused by the malware infection at the time of the incident.
The problem lies in the route through which the servers were infected with malware. The joint government audit revealed that the server administrator account passwords were not set in a form mixing letters, numbers, and special characters.
Additionally, it was found that management was negligent, such as proceeding with network separation work without implementing security measures against unauthorized cyber access.
In fact, on the day of the malware infection (the 2nd), Daejeon City conducted network separation work while changing and setting firewall policies to allow all communications without implementing security measures such as blocking unauthorized access.
The joint government audit also pointed out that Daejeon City did not conduct the necessary annual diagnosis and inspection for cyber threat prevention and response. Currently, Daejeon City operates a total of 467 information system servers. The main point is that diagnostic and inspection activities were not conducted on 98 of these servers.
Meanwhile, the joint government audit was conducted in September of last year, led by the Ministry of the Interior and Safety.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
