Magic Broom Operation: South Korea is blocking security holes abused by Pyongyang

By Dain Oh, The Readable
Nov. 8, 2023 9:25PM GMT+9

Security vulnerabilities discovered in a popular authentication software application have been exploited by North Korean hacking groups despite an unusual warning issued to South Korean users four months ago, the National Intelligence Service (NIS) said on Tuesday.

In a joint operation intended to fortify Korea’s national security, the NIS has joined forces with antivirus software companies to create applications that detect vulnerable software on users’ devices and delete it automatically.

Led by the National Cyber Security Center, the “Magic Broom Operation” is a joint effort between the public and private sectors. Three major antivirus firms (AhnLab, Hauri, and ESTsecurity) will help Korean government agencies wipe out security holes in their customers’ systems by running their specialized software nationwide.

The removal process will commence on November 15 for the three antivirus software companies’ enterprise customers. Unaffiliated customers are advised to use a removal tool, following the guidelines issued by the government.

The NIS issued a press release on November 7 advising the public for a second time to remove software named ‘MagicLine4NX’ from their systems, as it is being used by North Korean hackers to secretly collect information from the South, a problem which, according to the agency, has been ongoing since the end of last year.

Widely used for authentication purposes throughout South Korea, MagicLine4NX self-activates on computers once it has been installed. After discovering the security holes in the software, South Korean government agencies distributed security patches to address the issue in March. The process of applying the patches, however, was too slow, which led the NIS three months later to issue its warning to the public against using the program.

On June 28, the agency warned the public of North Korean cyberattacks, disclosing that the enemy hackers had been exploiting the vulnerabilities embedded within MagicLine4NX. Nearly fifty organizations had been compromised and infected by malicious code devised by the Reconnaissance General Bureau in North Korea.

“Most institutions have complied with our security recommendations and have removed the compromised version of MagicLine4NX,” said the NIS. “However, we found that a few organizations had not taken any security measures, which has exposed them to cyberattacks.” The spy agency added that the North Korean hackers had been taking advantage of the delay of these non-responders to exploit vulnerabilities in their systems.

Moreover, the cybercriminals were discovered to have attempted to lay infrastructure for future attacks. “The hackers tried to infiltrate a news website by leveraging security holes,” said the agency. If the attack had succeeded, any reader who visited the website and whose computer was also compromised would have been affected, the NIS stressed.

The cover image of this article was designed by Sangseon Kim. This article was copyedited by Arthur Gregory Willers.
