Sharp Increase in Indiscriminate Attacks from China and Russia
Cybersecurity Investment Must Be Strengthened in the Age of AI
If you have been following the news closely, you may have already noticed that hacking incidents have been more rampant than ever this year. In addition to SK Telecom, GS Retail, Albamon, Papa John's, and Yes24, SGI Seoul Guarantee and Seoul Boramae Hospital have also been attacked in succession. The visible hacking incidents are just the tip of the iceberg; it goes without saying that more companies are hiding their breaches beneath the surface.
According to a report by Check Point, a global cybersecurity company, the average number of weekly cyberattacks per organization worldwide in the second quarter of this year was 1,984, which is a 21% increase compared to the same period in 2024. At this point, it is no exaggeration to say that Korean small and medium-sized enterprises, which are the main targets of hackers, are experiencing a 'disaster.' Why have hacking attacks become so severe? A security expert who is currently assisting a major Taiwanese cybersecurity company in analyzing Chinese hacker groups stated that the background lies in changes within China. He explained, "The Chinese government is gradually cutting off support for 'state-sponsored' hacking groups."
Seeking more concrete evidence, I found a foreign news article about the leak of confidential documents from one of China's hacking groups, 'iSoon,' in February 2024. According to the leaked documents, an insider revealed that due to the economic downturn, the Chinese government reduced spending on hacking organizations, including iSoon. Hackers' wages dropped to the minimum wage level, and there were even cases of unpaid wages. From that point, these hackers became 'subsistence hackers' and began launching indiscriminate attacks. The security expert added, "After analyzing several recent hacking patterns in the Jeolla region, it turned out that a Chinese hacker group, which originally targeted Vietnam and Thailand, was responsible. Now that this group has extended its activities to Korea, we must recognize that we are exposed to the risk of indiscriminate attacks."
Russia has also joined in. The cybersecurity industry identified the ransomware used in the SGI Seoul Guarantee attack as 'Gunra.' This ransomware was modeled after the code structure of 'Conti,' a notorious Russian hacker organization. Conti collapsed in 2022 due to internal conflict following the Russia-Ukraine war, and since then, it has splintered into several subsistence hacking groups that attack indiscriminately.
While companies are surrounded by packs of predators, the government, lacking recovery capabilities, simply repeats its plea not to pay hackers. This is evident in the fact that SK Telecom and Yes24 refused to cooperate with government investigations. Fortunately, the new administration is emphasizing the importance of cybersecurity. On July 28, Baek Kyunghoon, Minister of Science and ICT, visited the Korea Internet & Security Agency's Internet Incident Response Center and stated, "An era of artificial intelligence (AI) without security could pose an even greater threat. To prevent collapse like a castle built on sand, a robust information security system must come first." It is important for the government to strengthen companies with AI, but to maintain that strength, investment in cybersecurity to block hacking threats is just as essential as investment in AI.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![[Reporter’s Notebook] The Onslaught of 'Subsistence Hackers': Korea Left Defenseless [Concealment (18)]](https://cphoto.asiae.co.kr/listimglink/1/2025072915131163808_1753769591.jpg)

