A North Korean hacking group is responsible for a data breach that affected almost 830,000 individuals, including patients and employees of one of South Korea’s major hospitals two years ago, according to the South Korean police on Wednesday.
In a press release, the Korean National Police Agency stated that the North Korean hacking group had infiltrated the internal network of the Seoul National University Hospital in 2021 and exfiltrated the personal information of 810,000 patients and 17,000 former and current employees. According to the police, the hackers had gained access to private data such as names, dates of births, and in some cases, medical records of patients.
“Based on the evidence and the data extracted, we assume that the hackers breached the hospital to gain access to the medical information of prominent figures,” said an official of the Korean National Police Agency, who is closely involved in the matter, to The Readable. The official did not disclose additional information about the targeted individuals.
Furthermore, the South Korean police explained that they concluded that the culprits were North Korean hackers due to various details, including the use of the North Korean dialect. In the words of the official, the hacking group created an account inside the hospital’s internal network and set a password with a combination of different characters, including a bundle of Korean letters typed on an English keyboard. When correctly read, these letters show a North Korean word that means “do not mess with me.”
The Korean National Police Agency stated that they cannot exclude the possibility that the breach was conducted by the North Korean state sponsored hacking group Kimsuky. According to the United States Cybersecurity and Infrastructure Security Agency (CISA), Kimsuky is a hacking group whose mission is to gather international intelligence for the North Korean regime. Last March, the South Korean intelligence agency and its German counterpart issued a joint alert and publicly warned of the hacking techniques used by the North Korean cybercriminal group.
