[Weekend Briefing] Making ourselves too tough to beat

By Dain Oh, The Readable
Feb. 23, 2024 7:30PM GMT+9

“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.

As a dedicated note-taker—a habit closely related to my profession—I’ve recorded several quotes from a movie featuring Ben Affleck as the coach of a high school basketball team. In “The Way Back,” Affleck’s character emphasizes the importance of seemingly small actions on the court: “The little things add up. Loose ball gets us two points. Tip pass gets us to four. Steal gets us another two. Now we’re at six.” He continues to inspire his struggling team by highlighting the cumulative effect of their efforts. “Every box out, every hustle, every loose ball, every trap, put all that together. All of a sudden, we are pretty tough to beat.” (Note: I have omitted a profanity and an expletive from the original dialogue for appropriateness.)

The South Korean government has recently begun to address the finer details in cybersecurity. Previously, the national statistics for the cybersecurity workforce were grouped with the general software workforce. However, these will now be separately compiled, thanks to the establishment of a newly formed council. Hongeun Im conducted interviews with both the national statistics office and the industry association responsible for overseeing this initiative. Moreover, legislative efforts aimed at creating a national cybersecurity framework have led to the inauguration of the National Cybersecurity Laboratory (NCSL) this Monday. Kuksung Nam provided this update following her attendance at the launch event.

In addition to a detailed report on the LockBit ransomware group, which was recently dismantled by an international operation, several other significant developments have come to light. These include cyber espionage activities by China and technology theft by North Korea. Exclusive insights into the South Korea-United Kingdom cyber exercise, not available elsewhere, are featured in an article on The Readable. This week’s briefing is packed with essential reads.

This is Dain Oh reporting from South Korea, and here is your weekend briefing.

1. South Korea bolsters national cybersecurity workforce statistics

South Korea’s Statistics Korea (KOSTAT) announced on Monday its plans to compile statistics on the cybersecurity workforce. This initiative, requested by the Ministry of Science and ICT (MSIT), will be included in the “National Statistics Development Project.”

The MSIT’s request for “cybersecurity workforce status statistics” is tied to the creation of the Information Security Industrial Skills Council (ISC) on February 21. The Korea Information Security Industry Association (KISIA), the project management agency for the National Statistics Development Project, explained to The Readable that the establishment of the new council necessitates a precise understanding of the cybersecurity workforce’s status and statistics for effective training and management. READ MORE

2. New cybersecurity association aims to bolster South Korea’s legislative framework

On Monday, cybersecurity experts from both the public and private sectors gathered to commemorate the establishment of a new association dedicated to assisting South Korean lawmakers in drafting legislation pertinent to the cybersecurity field.

During the inaugural general meeting held at the National Assembly Member’s Office Building, Jeong Kyeong-doo, the president of the National Cyber Security Laboratory (NCSL), noted a global lack of interest in recognizing and addressing cyber threats. In his opening remarks, Jeong stated, “The whole world is focusing on developing countermeasures against military conflicts that are visible to the naked eye, those that happen on physical battlefields. The devastating reality is that the severity of conflicts in cyberspace, where wars rage unseen, is not being adequately acknowledged.” READ MORE

3. Combined cyber army of ROK and UK performed first exercise following strategic partnership

Several South Korean government agencies responsible for national cyber defense collaborated with the British military to conduct a joint international cyber exercise. This cooperative training, aimed at testing their combined capabilities to counter cyberattacks, concluded on February 16 after a week-long session.

In an email statement to The Readable on February 21, the British Embassy in Seoul confirmed that this training marked the first-ever combined military exercise between South Korea and the United Kingdom.

The Defense Cyber Marvel (DCM), organized by the U.K. Army Cyber Association, began as a domestic training event in 2022 before expanding to an international scale the following year. According to a press release from South Korea’s National Intelligence Service (NIS) on Wednesday, this year’s iteration, dubbed “DCM3,” saw participation from 17 countries, including Japan, Germany, and France, with a total of 46 teams. READ MORE

4. South Korea, Germany jointly warn of North Korea’s defense technology theft

Intelligence agencies from South Korea and Germany jointly issued a security advisory concerning cyber threats from North Korea, primarily regarding the theft of advanced defense technology. This marks the second occasion that the two countries have issued a joint cybersecurity statement against cyberattacks attributed to the Pyongyang regime.

On February 19, the National Intelligence Service (NIS) of South Korea and the Federal Office for the Protection of the Constitution (BfV) of Germany issued a joint cybersecurity advisory. This advisory calls for heightened security awareness in response to ongoing cyber campaigns originating from North Korea. READ MORE

5. South Korean police investigate alleged North Korean cyberattack on Supreme Court

South Korea’s Supreme Court is currently under investigation by the country’s law enforcement officials, who are investigating an alleged cyberattack. The attack, purportedly orchestrated by a North Korean state-sponsored hacking group, targeted the judicial branch’s computer network last year.

The Korean National Police Agency stated on Wednesday that they are seizing servers at the Supreme Court’s Judicial Information Technology Center. “We are investigating the IT center to identify the attackers and their methods,” a Cyber Terror Response Division official told The Readable. The official mentioned that the operation began on February 13 but refrained from disclosing more details, citing the ongoing nature of the investigation. READ MORE

6. International task force takes down world’s biggest ransomware group LockBit

A collaborative task force named “Operation Cronos,” involving the National Crime Agency (NCA), the Federal Bureau of Investigation (FBI), Europol, and other international partners, successfully infiltrated and disrupted LockBit, one of the world’s most prevalent ransomware variants.

In a press release issued by the National Crime Agency (NCA) on Tuesday, it was announced that the task force, as part of Operation Cronos, arrested two LockBit affiliates, disabled over 200 cryptocurrency accounts, and obtained more than 1,000 decryption keys, an essential component that allows victims of ransomware to recover their compromised data. The affiliates were apprehended in Poland and Ukraine, while two Russians faced sanctions from the United States. Furthermore, Europol disclosed that the operation led to the shutdown of 34 servers worldwide and the closure of over 14,000 accounts across two encrypted email services—Tutanota and ProtonMail—as well as the online storage service Mega. READ MORE

7. Chinese espionage campaigns and cyberattacks on critical infrastructure in Southeast Asia

In early 2024, several member states of the Association of Southeast Asian Nations (ASEAN) were targeted in cyberattacks linked to China-backed threat actors. These incidents encompassed espionage campaigns directed at government agencies and cyberattacks on vital infrastructure, orchestrated by Chinese entities.

While both cyber espionage campaigns and cyberattacks on critical infrastructure pose significant threats to national security, state sovereignty, and public safety, their objectives and potential impacts differ. Cyber espionage campaigns primarily target government entities or corporations with the goal of intelligence gathering, reconnaissance, and surveillance. In contrast, cyberattacks on critical infrastructure are designed to disrupt or disable essential services and systems, such as drinking water supplies, transportation networks, and communication systems. Such attacks can lead to immediate and widespread chaos, significantly endangering public safety. READ MORE

8. South Korea Supreme Court is set to adjudicate a case involving the leak of autonomous technology to China

A professor from the Korea Advanced Institute of Science and Technology (KAIST) has taken his case to South Korea’s Supreme Court, challenging the prison sentence handed down by an appellate court for allegedly leaking autonomous vehicle sensor technologies to China. Local media reports indicate that the professor, through his attorney, filed a final appeal on Tuesday, contesting the appellate court’s decision as unjust and asserting his innocence. During an appeal trial on February 15, he refuted allegations of divulging key LIDAR (Light Detection and Ranging) technology to Chinese entities. Overturning a prior probation sentence, the Daejeon District Court imposed a 2-year prison term. When approached by The Readable for a comment, the Daejeon District Prosecutors’ Office, responsible for the investigation, stated that it was not yet in a position to provide a definitive stance on the appeal. By Chanwoo Yong, The Readable

More stories this week…

9. [NSA] Cybersecurity director Rob Joyce retires from NSA

10. [CNBC] Biden to sign executive order on US port cybersecurity targeting Chinese-manufactured shipping cranes

11. [Cybersixgill] State of the underground 2024

[email protected]

The cover image of this article was designed by Areum Hwang. This article was copyedited by Arthur Gregory Willers.

Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.

Please leave this field empty

Subscription

Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

Email Address *

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

Your subscription to The Readable's newsletter has been successfully processed. Welcome to our community of cybersecurity enthusiasts and experts!