Daily Briefing is a curated listicle made available by The Readable. We select a handful of significant stories worth sharing with our readers and present them in an easy-to-read, accessible format. Dain Oh and Minkyung Shin collaborate in monitoring, selecting, and reviewing the news articles, with Arthur Gregory Willers contributing to improve the overall readability of the briefing.
1. South Korea launches investigation into TikTok over privacy violations – South Korea’s Yonhap
The South Korean government has launched an investigation into TikTok, the Chinese short-form video platform, for potential violations of domestic privacy laws. On October 7, the Personal Information Protection Commission (PIPC) announced that it began investigating possible breaches of the Personal Information Protection Act last week. In addition, the Korea Communications Commission (KCC) plans to conduct a separate inquiry, through the Korea Internet & Security Agency (KISA), to look into potential violations of the Information and Communications Network Act.
TikTok reportedly requires users to agree to its “Terms of Service” and “Privacy Policy” during registration without offering detailed information, potentially violating Article 22 of the Personal Information Protection Act. This article mandates that data subjects must be clearly informed. Additionally, concerns have been raised about TikTok automatically obtaining consent for marketing and advertising during registration, which may breach Article 50 of the Information and Communications Network Act. This law requires explicit user consent before sending advertising information.
TikTok, operated by Beijing-based ByteDance since 2016, has faced growing global scrutiny over privacy and cybersecurity issues. In 2022, the U.S. enacted legislation banning federal employees from using the app on government devices. Similarly, the European Union prohibited its use on both official and personal devices registered to its staff.
- Related article: TikTok and Meta delete fake video of South Korean president READ MORE
2. South Korea’s Unification Ministry ranks low in cybersecurity amid increasing North Korean cyber attacks – South Korea’s News1
Despite the growing threat of North Korean cyberattacks, South Korea’s Unification Ministry has consistently ranked among the worst in cybersecurity management over the past three years. A report by National Assembly member Han Jeong-ae, based on the National Intelligence Service’s (NIS) evaluation of 21 government ministries from 2021 to 2023, revealed that the Unification Ministry failed to meet the average score each year. In 2021, it received a “poor” rating, placing last among the ministries. In 2022 and 2023, it ranked 18th and 20th, respectively, with a “moderate” rating.
The NIS conducts annual evaluations of information security management for public institutions, central administrative agencies, and local governments. These assessments focus on administrative security, technical security, and crisis response capabilities. Over the past five years, the Unification Ministry has failed to surpass 70 out of 100 points, consistently ranking below other ministries. In 2023, the ministry scored 68 points, which is 79% of the top-ranking agency’s score.
Rep. Han criticized the Unification Ministry for its inadequate information security management, particularly given its responsibility for handling sensitive national security information related to inter-Korean affairs. She stressed the importance of cybersecurity in safeguarding national assets and citizens’ safety, urging the ministry to prioritize and strengthen its security measures.
- Related article: Magic Broom Operation: South Korea is blocking security holes abused by Pyongyang READ MORE
3. Hacker attack disrupts Russian state media on Putin’s birthday – Reuters
On Russian President Vladimir Putin’s 72nd birthday, Russian state media giant VGTRK suffered a major cyberattack that disrupted its website and online broadcasting services, including the Rossiya-24 news channel. Kremlin spokesman Dmitry Peskov confirmed that VGTRK’s digital infrastructure had been compromised, and specialists were working to identify those responsible. The disruption led to error messages across the media outlet’s platforms, signaling an attack of unprecedented scale.
A Ukrainian government source claimed responsibility for the cyberattack, stating that Ukrainian hackers coordinated the offensive as a symbolic gesture on Putin’s birthday. Russian news outlet Gazeta.ru reported that the attack disrupted VGTRK’s online and internal services, including its telephony systems, and wiped server data, making recovery efforts extensive. Russian Foreign Ministry spokeswoman Maria Zakharova remarked that Russian media had long been targets of “the collective West” and framed the incident as part of a broader “hybrid war.” The Russian government announced plans to raise the issue in international forums, including UNESCO, labeling it an attack on freedom of speech.
- Related article: Russian hackers targeted Mongolian government with techniques akin to commercial spyware providers, Google says READ MORE
4. Water supplier American Water Works says systems hacked – CBS News
American Water Works, the largest regulated water and wastewater utility in the U.S., disclosed on Monday that its computer systems were breached by hackers. The Camden, New Jersey-based company, which provides services to over 14 million people across 14 states and military installations, detected the unauthorized access last Thursday. In response, the company took precautionary steps, such as disabling certain systems and temporarily suspending customer billing. While operations and facilities remain unaffected, the company is still evaluating the full scope of the breach. No late fees will be applied during this period, and law enforcement has been notified.
The incident underscores growing cybersecurity concerns in the U.S., particularly regarding critical infrastructure such as water treatment facilities. Recently, U.S. officials have voiced concerns about Chinese intelligence activities targeting these essential services. The Wall Street Journal reported that a cyberattack on U.S. broadband providers was linked to the Chinese government. Following the breach, American Water Works’ shares fell by 3.9%, closing at $136.99.
- Related article: US alerts 50 governors to cyberattack threats on water systems READ MORE
5. US moves to seize $2.7 million from Lazarus hacks traced through Tornado Cash, other mixers – The Block
Two recent forfeiture actions filed by the U.S. Attorney for the District of Columbia have shed light on North Korea’s cryptocurrency laundering methods, as authorities seek to seize approximately $2.67 million in cryptocurrency stolen in two major hacks attributed to the Lazarus Group. The complaints aim to recover $1.7 million in Tether (USDT) linked to the $28 million hack of the crypto exchange Deribit in 2022, as well as about $971,000 in Avalanche-bridged Bitcoin (BTC.b) from the $41 million hack of online casino Stake.com. Law enforcement traced the stolen funds using various methods, including Tornado Cash, Sinbad, and Yonmix mixers, identifying wallet patterns and tracing consolidation addresses.
In the Deribit case, the hackers swapped the stolen assets for Ethereum and sent them through Tornado Cash, ultimately converting them to USDT on the Tron blockchain. Law enforcement successfully froze $1.7 million across five wallets, despite the hackers’ attempts to evade detection. In the Stake.com hack, the Lazarus Group converted the stolen funds to Bitcoin using the Avalanche Bridge and laundered them through Sinbad and Yonmix mixers. Authorities were able to freeze some assets during the laundering process but recovered only a small portion of the stolen Bitcoin.
These efforts underscore both the challenges and advancements in tracking crypto-laundering activities by North Korean hackers, who remain active. The Lazarus Group has been linked to other significant attacks, including a $230 million exploit on the Indian crypto exchange WazirX, highlighting their ongoing threat to the cryptocurrency landscape.
- Related article: North Korean hackers laundered $150K in crypto through Cambodian payment firm READ MORE
Editor’s note: The summaries of each article were created by ChatGPT 4o and reviewed by Dain Oh. The daily briefing will return on October 10 due to the South Korean national holiday on October 9.
