North Korea exploits authentication software to hack South Korea

By Dain Oh, The Readable
Mar. 30, 2023 7:50PM GMT+9

North Korean hackers have been exploiting a vulnerability in a popular South Korean authentication software program that is installed on 10 million personal computers and have succeeded in infiltrating 210 devices belonging to 60 organizations so far, the South Korean national security watchdog disclosed on Thursday.

The hacking attack was first acknowledged at the end of last year in a joint investigation between the National Intelligence Service, the National Police Agency, the Korea Internet & Security Agency, and the National Security Research Institute. After analyzing the hackers’ malicious code, the investigators were able to develop a security patch for the exploited software in collaboration with the software company.

In a statement to the press, the National Intelligence Service urged users to update the authentication software as soon as possible, while the vulnerable software is being patched at public and financial institutions. “We are disclosing the recent cyberattacks in an aim to prevent massive damage to citizens,” wrote the intelligence agency. The agency estimates that around 10 million computers are running the vulnerable software.

The affected software is believed to have been developed by the financial security solution vendor INITECH, according to a local media outlet that verified the fact through the firm. According to the report, old versions of “INISAFE Cross Web EX,” namely the versions prior to 3.3.2.40, were abused by North Korean hackers.

INISAFE is used primarily for online banking, where it authenticates legitimate users. It is also often used to add electronic signatures for public and financial services in South Korea. Through the security hole in INISAFE, North Korean hackers have been able to extensively distribute malicious code and remotely infect their targets’ devices. South Korean organizations, such as government agencies, public institutions, defense contractors, and biotechnology companies, were affected by the cyberattacks from Pyongyang.

The National Intelligence Service further announced that it plans to hold a roundtable meeting on April 5 to share information about the latest hacking incidents and to fend off similar attacks against the nation, labeling the recent attacks as “the organized hacking attempts from the North.” Twelve financial security software vendors will participate in the meeting, along with government bodies, including the Financial Supervisory Service and the Financial Security Institute.

Meanwhile, the South Korean government has been sharpening its criticism of North Korean cybercrime. Until very recently, it was rare for South Korea to publicly refer to North Korea as cybercriminals. The Ministry of Foreign Affairs blamed the North Korean regime, imposing unprecedented sanctions on four North Koreans and seven North Korean organizations in February. On the same day, the National Intelligence Service used direct language, such as “malicious cyber activities,” to describe North Korean hacking attacks.
