A North Korean state-sponsored hacking group allegedly took over a private email account belonging to a worker at South Korea’s electoral regulator and misused it to steal confidential information, South Korea’s intelligence agency said on Tuesday.
The National Intelligence Service (NIS) disclosed in a press briefing that in April of 2021 the North Korean hacking group known as Kimsuky conducted a targeted attack against a senior official who worked in the National Election Commission’s regional office. The attackers disguised themselves as fellow employees to trick the victim and compromised their computers with malicious code. The NIS did not reveal the details of the data that may have been obtained by the bad actors but stated that multiple pieces of information, including confidential documents, were breached.
This disclosure accompanies a decision by the NIS to make an exception to its otherwise firm policy of keeping the results of investigations confidential and to reveal to the public the results of a joint investigation of the breach against the electoral regulator. A twelve-week investigation, from July to September, was undertaken by the NIS, the Korea Internet & Security Agency (KISA), and the National Election Commission to determine whether an attacker could have penetrated the internal network from the external internet. The joint inspection team was formed after South Korea’s National Assembly raised concerns over North Korea’s cyberattack against the electoral regulator.
Although the North Korean hacking group’s malicious activities have been confirmed, the intelligence agency stated that it is difficult to determine whether the hackers were able to infiltrate the internal network of the electoral regulator due to insufficient evidence. “We have examined 5% of the total number of devices utilized in the National Election Commission during a short period of time with a limited workforce,” said the chief of the National Cyber Security Center (NCSC). “We need to conduct further inspections to determine if evidence of a security breach [against the internal network] is accurate.”
The third deputy director of the NIS, Baek Jong-wook, highlighted the severity of hacking attacks coming through compromised email accounts. “The breach of a single person’s private email account can be seen as a minor attack. However, there have been numerous critical accidents caused by private emails,” asserted Baek. “We have to look into cases of email hacking one by one and take each instance very seriously.” He also explained why the NIS chose to publicly release its findings, stating that an attack on the voting system could immensely impact South Korean citizens by undermining their constitutional right to a fair and transparent election.
Meanwhile, the NIS and KISA stated that they have discovered multiple security flaws in the voting system as well as in the electoral regulator’s security policy. Baek told The Readable that they found numerous weak points in the system that can be penetrated easily by both experienced and inexperienced hackers. The third deputy director also mentioned that they did not find compromised email attacks originating from countries other than North Korea.
The National Election Commission released a statement after the NIS and KISA’s press briefing, saying that it is practically impossible to manipulate the election results, as there are various institutional strategies aimed at guaranteeing the safety and verifiability of the election process. The electoral regulator also confirmed that one employee’s computer had, in fact, been compromised by malicious code. However, it stressed that there is no evidence that North Korea infiltrated the voting system during the security consultation period.