[Weekend Briefing] Making ourselves too tough to beat

By Dain Oh, The Readable
Feb. 23, 2024 7:30PM GMT+9

“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.

As a dedicated note-taker—a habit closely related to my profession—I’ve recorded several quotes from a movie featuring Ben Affleck as the coach of a high school basketball team. In “The Way Back,” Affleck’s character emphasizes the importance of seemingly small actions on the court: “The little things add up. Loose ball gets us two points. Tip pass gets us to four. Steal gets us another two. Now we’re at six.” He continues to inspire his struggling team by highlighting the cumulative effect of their efforts. “Every box out, every hustle, every loose ball, every trap, put all that together. All of a sudden, we are pretty tough to beat.” (Note: I have omitted a profanity and an expletive from the original dialogue for appropriateness.)

The South Korean government has recently begun to address the finer details in cybersecurity. Previously, the national statistics for the cybersecurity workforce were grouped with the general software workforce. However, these will now be separately compiled, thanks to the establishment of a newly formed council. Hongeun Im conducted interviews with both the national statistics office and the industry association responsible for overseeing this initiative. Moreover, legislative efforts aimed at creating a national cybersecurity framework have led to the inauguration of the National Cybersecurity Laboratory (NCSL) this Monday. Kuksung Nam provided this update following her attendance at the launch event.

In addition to a detailed report on the LockBit ransomware group, which was recently dismantled by an international operation, several other significant developments have come to light. These include cyber espionage activities by China and technology theft by North Korea. Exclusive insights into the South Korea-United Kingdom cyber exercise, not available elsewhere, are featured in an article on The Readable. This week’s briefing is packed with essential reads.

This is Dain Oh reporting from South Korea, and here is your weekend briefing.

1. South Korea bolsters national cybersecurity workforce statistics

Designed by Areum Hwang, The Readable

South Korea’s Statistics Korea (KOSTAT) announced on Monday its plans to compile statistics on the cybersecurity workforce. This initiative, requested by the Ministry of Science and ICT (MSIT), will be included in the “National Statistics Development Project.”

The MSIT’s request for “cybersecurity workforce status statistics” is tied to the creation of the Information Security Industrial Skills Council (ISC) on February 21. The Korea Information Security Industry Association (KISIA), the project management agency for the National Statistics Development Project, explained to The Readable that the establishment of the new council necessitates a precise understanding of the cybersecurity workforce’s status and statistics for effective training and management. READ MORE

2. New cybersecurity association aims to bolster South Korea’s legislative framework

Jeong Kyeong-doo, the president of the National Cyber Security Laboratory (NCSL), is delivering his opening remarks on February 19. Photo by Kuksung Nam, The Readable

On Monday, cybersecurity experts from both the public and private sectors gathered to commemorate the establishment of a new association dedicated to assisting South Korean lawmakers in drafting legislation pertinent to the cybersecurity field.

During the inaugural general meeting held at the National Assembly Member’s Office Building, Jeong Kyeong-doo, the president of the National Cyber Security Laboratory (NCSL), noted a global lack of interest in recognizing and addressing cyber threats. In his opening remarks, Jeong stated, “The whole world is focusing on developing countermeasures against military conflicts that are visible to the naked eye, those that happen on physical battlefields. The devastating reality is that the severity of conflicts in cyberspace, where wars rage unseen, is not being adequately acknowledged.” READ MORE

3. Combined cyber army of ROK and UK performed first exercise following strategic partnership

Designed by Areum Hwang, The Readable

Several South Korean government agencies responsible for national cyber defense collaborated with the British military to conduct a joint international cyber exercise. This cooperative training, aimed at testing their combined capabilities to counter cyberattacks, concluded on February 16 after a week-long session.

In an email statement to The Readable on February 21, the British Embassy in Seoul confirmed that this training marked the first-ever combined military exercise between South Korea and the United Kingdom.

The Defense Cyber Marvel (DCM), organized by the U.K. Army Cyber Association, began as a domestic training event in 2022 before expanding to an international scale the following year. According to a press release from South Korea’s National Intelligence Service (NIS) on Wednesday, this year’s iteration, dubbed “DCM3,” saw participation from 17 countries, including Japan, Germany, and France, with a total of 46 teams. READ MORE

4. South Korea, Germany jointly warn of North Korea’s defense technology theft

Designed by Areum Hwang, The Readable

Intelligence agencies from South Korea and Germany jointly issued a security advisory concerning cyber threats from North Korea, primarily regarding the theft of advanced defense technology. This marks the second occasion that the two countries have issued a joint cybersecurity statement against cyberattacks attributed to the Pyongyang regime.

On February 19, the National Intelligence Service (NIS) of South Korea and the Federal Office for the Protection of the Constitution (BfV) of Germany issued a joint cybersecurity advisory. This advisory calls for heightened security awareness in response to ongoing cyber campaigns originating from North Korea. READ MORE

5. South Korean police investigate alleged North Korean cyberattack on Supreme Court

Designed by Areum Hwang, The Readable

South Korea’s Supreme Court is currently under investigation by the country’s law enforcement officials, who are investigating an alleged cyberattack. The attack, purportedly orchestrated by a North Korean state-sponsored hacking group, targeted the judicial branch’s computer network last year.

The Korean National Police Agency stated on Wednesday that they are seizing servers at the Supreme Court’s Judicial Information Technology Center. “We are investigating the IT center to identify the attackers and their methods,” a Cyber Terror Response Division official told The Readable. The official mentioned that the operation began on February 13 but refrained from disclosing more details, citing the ongoing nature of the investigation. READ MORE

6. International task force takes down world’s biggest ransomware group LockBit

Source: The National Crime Agency of the United Kingdom

A collaborative task force named “Operation Cronos,” involving the National Crime Agency (NCA), the Federal Bureau of Investigation (FBI), Europol, and other international partners, successfully infiltrated and disrupted LockBit, one of the world's most prevalent ransomware variants.

In a press release issued by the National Crime Agency (NCA) on Tuesday, it was announced that the task force, as part of Operation Cronos, arrested two LockBit affiliates, disabled over 200 cryptocurrency accounts, and obtained more than 1,000 decryption keys, an essential component that allows victims of ransomware to recover their compromised data. The affiliates were apprehended in Poland and Ukraine, while two Russians faced sanctions from the United States. Furthermore, Europol disclosed that the operation led to the shutdown of 34 servers worldwide and the closure of over 14,000 accounts across two encrypted email services—Tutanota and ProtonMail—as well as the online storage service Mega. READ MORE

7. Chinese espionage campaigns and cyberattacks on critical infrastructure in Southeast Asia

Designed by Areum Hwang, The Readable

In early 2024, several member states of the Association of Southeast Asian Nations (ASEAN) were targeted in cyberattacks linked to China-backed threat actors. These incidents encompassed espionage campaigns directed at government agencies and cyberattacks on vital infrastructure, orchestrated by Chinese entities.

While both cyber espionage campaigns and cyberattacks on critical infrastructure pose significant threats to national security, state sovereignty, and public safety, their objectives and potential impacts differ. Cyber espionage campaigns primarily target government entities or corporations with the goal of intelligence gathering, reconnaissance, and surveillance. In contrast, cyberattacks on critical infrastructure are designed to disrupt or disable essential services and systems, such as drinking water supplies, transportation networks, and communication systems. Such attacks can lead to immediate and widespread chaos, significantly endangering public safety. READ MORE

8. South Korea Supreme Court is set to adjudicate a case involving the leak of autonomous technology to China

Designed by Sangseon Kim, The Readable

A professor from the Korea Advanced Institute of Science and Technology (KAIST) has taken his case to South Korea’s Supreme Court, challenging the prison sentence handed down by an appellate court for allegedly leaking autonomous vehicle sensor technologies to China. Local media reports indicate that the professor, through his attorney, filed a final appeal on Tuesday, contesting the appellate court’s decision as unjust and asserting his innocence. During an appeal trial on February 15, he refuted allegations of divulging key LIDAR (Light Detection and Ranging) technology to Chinese entities. Overturning a prior probation sentence, the Daejeon District Court imposed a 2-year prison term. When approached by The Readable for a comment, the Daejeon District Prosecutors’ Office, responsible for the investigation, stated that it was not yet in a position to provide a definitive stance on the appeal. By Chanwoo Yong, The Readable

9. [NSA] Cybersecurity director Rob Joyce retires from NSA

10. [CNBC] Biden to sign executive order on US port cybersecurity targeting Chinese-manufactured shipping cranes

11. [Cybersixgill] State of the underground 2024


The cover image of this article was designed by Areum Hwang. This article was copyedited by Arthur Gregory Willers.

Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.