North Korea’s cyberattack on Seoul hospital exposed

In a shocking cyberattack, North Korean hackers breached the network of Seoul National University Hospital (SNUH), one of South Korea’s largest hospitals, to steal sensitive medical information and personal details of hundreds of thousands of people. The incident occurred between May and June 2021, but the police only revealed it recently after a two-year investigation.

How North Korean hackers stole data from a Seoul hospital

According to the Korean National Police Agency (KNPA), the attackers used seven servers in South Korea and other countries to launch the attack on the hospital’s internal network. They exploited a vulnerability in a web server and installed malware to access the hospital’s database. The police said they traced the attack to North Korean hackers based on the following evidence:

– The intrusion techniques observed in the attacks.

– The IP addresses that have been independently linked to North Korean threat actors.

– The website registration details.

– The use of specific language and North Korean vocabulary.

The police did not name the specific hacking group behind the attack, but local media in South Korea linked it to Kimsuky, a notorious North Korean cyber espionage group that has targeted various organizations in South Korea and other countries.

The attack resulted in data exposure for 831,000 individuals, most of whom were patients at SNUH. Also, 17,000 of the impacted people are current and former hospital employees. The stolen data includes names, birth dates, phone numbers, addresses, medical records, test results, prescriptions, and insurance information.

The police warned that North Korean hackers might try to use the stolen data for various malicious purposes, such as identity theft, fraud, blackmail, or espionage. They also cautioned that hackers might try to infiltrate information and communication networks across various industries. They emphasized the need for enhanced security measures and procedures, such as implementing security patches, managing system access, and encrypting sensitive data.

“We plan to actively respond to organized cyber-attacks backed by national governments by mobilizing all our security capabilities and to firmly protect South Korea’s cyber security by preventing additional damage through information sharing and collaboration with related agencies,” said the KNPA in a press release.

This is not the first time that North Korean hackers have targeted hospitals in South Korea. In April 2021, the U.S. government warned that a North Korean ransomware operation called Maui was targeting healthcare organizations with phishing emails and malicious attachments. Security researchers at Kaspersky later linked Maui to Andariel, a sub-group of Lazarus, another notorious North Korean hacking group. North Korea has been accused of conducting numerous cyberattacks against South Korea and other countries in recent years, aiming to steal money or secrets, or to cause disruption.
