Ministry of Science and ICT, KISA: "Series of Hacking Attacks Targeting Small Websites Detected... Urge for Enhanced Security Inspections"

"Domestic Institutional Data Traded via Hacking Forums"
Emphasis on Implementing Security Measures Such as Latest Software Updates

The Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) announced on January 7 that they have recently detected a trend in which an unidentified hacking group is stealing and selling internal data from domestic medical institutions, educational institutions, and online shopping malls through hacking forums. In particular, the attacks have taken the form of a series of attacks targeting small-scale websites with relatively weak security, prompting the authorities to urge related companies and institutions to strengthen security inspections and exercise heightened caution.

Since December of last year through January 5 of this year, the two organizations have immediately shared information on signs of security breaches with domestic victim organizations and companies identified on hacking forums. After checking for breaches, if an incident is confirmed, they have guided the affected parties to report the incident to KISA in accordance with the Information and Communications Network Act, so that they can receive technical support for cause analysis and the establishment of measures to prevent recurrence. A hacking forum refers to an online community where illegal cyber activities such as sharing hacking information, selling stolen data, and distributing malware take place.

Additionally, on January 6, a security notice titled "Request to Strengthen Corporate Security Due to Recent Increase in Security Incidents" was posted on the Boho Nara website, and Chief Information Security Officers (CISOs) as well as members of the Cyber Threat Analysis & Sharing System (C-TAS) were requested to strengthen security checks and address vulnerabilities.

The Ministry of Science and ICT and KISA stated that they will continue to intensify monitoring of illegal information distribution related to domestic companies on the dark web and hacking forums, and will enhance the nation’s cyber threat response capabilities by providing systematic technical support and establishing measures to prevent recurrence for companies affected by security incidents.

Meanwhile, the two organizations repeatedly emphasized the importance of implementing security measures for companies and institutions, including: applying the latest security updates to operating systems (OS) and software; strengthening administrator account passwords and setting up two-factor authentication; detecting web attacks using web firewalls and IPS; reinforcing responses to personal data leakage attacks such as SQL injection; and considering the application of secure coding practices.