South Korean police investigate alleged North Korean cyberattack on Supreme Court

By Kuksung Nam, The Readable
Feb. 21, 2024 9:10PM GMT+9

South Korea’s Supreme Court is currently under investigation by the country’s law enforcement officials, who are investigating an alleged cyberattack. The attack, purportedly orchestrated by a North Korean state-sponsored hacking group, targeted the judicial branch’s computer network last year.

The Korean National Police Agency stated on Wednesday that they are seizing servers at the Supreme Court’s Judicial Information Technology Center. “We are investigating the IT center to identify the attackers and their methods,” a Cyber Terror Response Division official told The Readable. The official mentioned that the operation began on February 13 but refrained from disclosing more details, citing the ongoing nature of the investigation.

The investigation follows the top court’s disclosure last December that its computer network had been compromised by a cyberattack. This revelation came amid accusations that the Lazarus group, a notorious entity operating under the North Korean government, had penetrated the system from 2022 to early 2023. It’s believed that they may have compromised, at most, hundreds of gigabytes of data.

The National Court Administration, associated with the Supreme Court, stated that in February 2023, they detected and promptly removed a malicious code. They identified the malware as “Lazadoor,” a term coined by a South Korean cybersecurity firm that analyzed the case upon request from the affiliated organization.

In addition to identifying the malicious code, the administrative organization acknowledged the impossibility of determining the extent and characteristics of a potential data breach, including sensitive information like names, addresses, and phone numbers. They committed to conducting a comprehensive investigation in collaboration with relevant authorities and promised to inform the public of their findings in a subsequent announcement.

“A report from the cybersecurity firm identified the malware as ‘Lazadoor,’ one of the malicious codes developed by the Lazarus group,” stated a spokesperson from the National Court Administration. The spokesperson refrained from providing further details, other than mentioning their collaboration with South Korea’s intelligence agency and police for an in-depth investigation.

The cover image of this article was designed by Areum Hwang. This article was copyedited by Arthur Gregory Willers.

Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and privacy by engaging with industry giants, foreign government officials and experts. Before joining The Readable, Kuksung reported on politics for one of South Korea’s top-five local newspapers, The Kyeongin Ilbo. Her journalistic skills and reportage earned her the coveted Journalists Association of Korea award in 2021 for her essay detailing exclusive stories about the misconduct of a former government official. She holds a Bachelor’s degree in French from Hankuk University of Foreign Studies, a testament to her linguistic capabilities.