North Korean hackers have been exploiting a vulnerability in a popular South Korean authentication software program that is installed on 10 million personal computers and have succeeded in infiltrating 210 devices belonging to 60 organizations so far, the South Korean national security watchdog disclosed on Thursday.
The hacking attack was first acknowledged at the end of last year in a joint investigation between the National Intelligence Service, the National Police Agency, the Korea Internet & Security Agency, and the National Security Research Institute. After analyzing the hackers’ malicious code, the investigators were able to develop a security patch for the exploited software in collaboration with the software company.
In a statement to the press, the National Intelligence Service urged users to update the authentication software as soon as possible while patching up the vulnerable software in public and financial institutions. “We are disclosing the recent cyberattacks in an aim to prevent massive damage to citizens,” wrote the intelligence agency. The agency estimates that around 10 million computers are running the vulnerable software on their system.
The affected software is believed to have been developed by the financial security solution vendor INITECH, according to a local media outlet that verified the fact through the firm. According to the report, old versions of “INISAFE Cross Web EX,” namely the versions prior to 3.3.2.40, were abused by North Korean hackers.
INISAFE is used primarily for online banking where it authenticates legitimate users. Often times, it is also utilized to add electronic signatures for public and financial services in South Korea. Through the security hole in INISAFE, North Korean hackers have been able to extensively distribute malicious code and remotely infect their targets’ devices. South Korean organizations, such as government agencies, public institutions, defense contractors, and biotechnology companies, were affected by the cyberattacks from Pyongyang.
The National Intelligence Service further announced that they plan to hold a roundtable meeting on April 5 in order to share information about the latest hacking incidents and to fend off similar attacks against the nation, labeling the recent attacks as “the organized hacking attempts from the North.” In the meeting, 12 financial security software vendors will participate, along with government bodies, including the Financial Supervisory Service and the Financial Security Institute.
Meanwhile, it is worth noting that the South Korean government has been raising its critical tone regarding North Korean cybercrimes. Until very recently, it was a rare occurrence for South Korea to publicly refer to North Korea as cybercriminals. The Ministry of Foreign Affairs blamed the North Korean regime, imposing unprecedented sanctions on four North Koreans and seven North Korean organizations in February. On the same day, the National Intelligence Service used direct words, such as “malicious cyber activities,” to describe North Korean hacking attacks.
