Malware
“Breaking News: Cyber Attack by North Korean Hackers on Seoul Hospital Sparks Security Concerns and Data Breach Fears”
North Korean hackers have successfully breached a major hospital in Seoul, Korea, in an attempt to steal sensitive data. The attack, which is believed to have been carried out by the notorious Lazarus Group, targeted the patient database of the hospital. The group is known for its involvement in high-profile cyberattacks, including the 2014 Sony Pictures hack and the WannaCry ransomware attack.
North Korean Hackers Breach Seoul National University Hospital Network
IT Services at the Seoul National University Hospital (SNUH) experienced a breach by North Korean hackers who stole sensitive medical information and personal details. The Korean National Police Agency (KNPA) conducted a two-year analytical investigation to identify the perpetrators and warned of possible future attacks on various industries.
The attack occurred between May and June 2021. The KNPA attributed the attack to North Korean hackers based on intrusion techniques used in the attacks, IP addresses that have been independently linked to North Korean threat actors, website registration details, and the use of specific language and North Korean vocabulary. While local media linked the attack to the Kimsuky hacking group, the police report did not explicitly mention the particular threat group.
The hackers used seven servers in South Korea and other countries to launch the attack on the hospital’s internal network. The data exposure affected 831,000 individuals, most of whom were patients. Additionally, 17,000 current and former hospital employees were impacted.
The KNPA press release urged IT Services to take measures such as implementing security patches, managing system access, and encrypting sensitive data. The agency plans to mobilize all its security capabilities to respond to organized cyber-attacks backed by national governments and protect South Korea’s cybersecurity by preventing additional damage through information sharing and collaboration with related agencies.
Maui and Andariel
North Korean hackers have previously targeted healthcare organizations with ransomware to steal sensitive data and extort a ransom payment. The U.S. government has warned the healthcare sector to raise their defenses against the North Korean operation, specifically highlighting the Maui ransomware threat.
Security researchers at Kaspersky linked the Maui ransomware operation to a specific cluster of activity named ‘Andariel’ (aka ‘Stonefly’), believed to be a sub-group of Lazarus. Lazarus has been targeting South Korean entities with ransomware since April 2021.