Initially Claimed "Honeypot Hacking,"
But Some Actual Documents Confirmed in Leak
SK Shieldus has confirmed that some work-related documents were leaked externally from an internal employee's personal email account and has reported the incident to the Korea Internet & Security Agency (KISA).
According to SK Shieldus on October 18, the company officially submitted a report to KISA regarding the cyber breach at around 10 a.m. that day.
Previously, the hacking group "Blackshrantac" claimed on the dark web that it had hacked approximately 24GB of SK Shieldus data-including customer information, network data, HR and payroll records, and cybersecurity technology information-and released over 40 sample files.
In response, SK Shieldus initially explained that "only a 'honeypot' system, set up to trace hackers, was attacked, and no actual internal data was leaked." A honeypot refers to a fake server intentionally installed to lure hackers and analyze their attack methods.
However, after security experts analyzed the released samples, controversy arose over their authenticity, as the files included documents and presentation materials from unrelated companies as well as personal ID photos.
During further investigation, SK Shieldus confirmed that some documents had indeed been leaked through an employee's personal email account. The company stated, "The Chrome browser in the virtual machine (VM) used for the honeypot environment was automatically logged into the employee's personal email, and work-related documents were included in the mailbox," adding, "It appears that some data was exposed to the hacker through this account."
The company said, "While re-examining the sample data, we identified some documents originating from the employee's personal email. We are currently conducting a full investigation of related accounts and proceeding with forensic procedures."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
