Cybersecurity News that Matters

Magic Broom Operation: South Korea is blocking security holes abused by Pyongyang

by Dain Oh, Sangseon Kim, Arthur Gregory Willers

Nov. 08, 2023
12:25 PM GMT+9

Security vulnerabilities discovered in a popular authentication software application have been exploited by North Korean hacking groups despite an unusual warning issued to South Korean users four months ago, the National Intelligence Service (NIS) said on Tuesday.

In a joint operation intended to fortify Korea’s national security, the NIS has joined forces with antivirus software companies to create applications that detect vulnerable software on users’ devices and delete it automatically.

Led by the National Cyber Security Center, the “Magic Broom Operation” is a joint effort between the public and private sectors. Three major antivirus firms (AhnLab, Hauri, and ESTsecurity) will help Korean government agencies wipe out security holes in their customers’ systems by running their specialized software nationwide.

The removal process will commence on November 15 for the three antivirus software companies’ enterprise customers. Unaffiliated customers are advised to use a removal tool, following guidelines issued by the government.

The NIS issued a press release on November 7 advising the public for a second time to remove software named ‘MagicLine4NX’ from their systems, as it is being used by North Korean hackers to secretly collect information from the South, a problem which, according to the agency, has been ongoing since the end of last year.

Widely used for authentication purposes throughout South Korea, MagicLine4NX self-activates on computers once it has been installed. After discovering the security holes in the software, South Korean government agencies distributed security patches to address the issue in March. The process of applying the patches, however, was too slow, which led the NIS three months later to issue its warning to the public against using the program.

On June 28, the agency warned the public of North Korean cyberattacks, disclosing that the enemy hackers had been exploiting the vulnerabilities embedded within MagicLine4NX. Nearly fifty organizations had been compromised and infected by malicious code devised by the Reconnaissance General Bureau in North Korea.

“Most institutions have complied with our security recommendations and have removed the compromised version of MagicLine4NX,” said the NIS. “However, we found that a few organizations had not taken any security measures, which has exposed them to cyberattacks.” The spy agency added that the North Korean hackers had been taking advantage of the delay of these non-responders to exploit vulnerabilities in their systems.

Moreover, the cybercriminals were discovered to have attempted to lay infrastructure for future attacks. “The hackers tried to infiltrate a news website by leveraging security holes,” said the agency. If the attack had succeeded, any reader who visited the website and whose computer was also compromised would have been affected, the NIS stressed.

