Results of the 2021 Seoul National University Hospital Personal Information Leakage Investigation
Use of North Korean vocabulary in the account used to seize the internal network
The main target is the server where pathology tests such as biopsies are stored
The leak of 830,000 people's personal information at Seoul National University Hospital in 2021 has been revealed to be the work of a North Korean hacking organization. A total of 810,000 cases of information leaked out due to infection with malicious code, including pathological test results such as biopsies, diagnosis names, and patient names. The police believe the attackers carried out the hack to obtain medical information on key personnel.
The National Investigation Headquarters of the National Police Agency announced on the 10th the results of the investigation into the personal information leakage case at Seoul National University Hospital that occurred in 2021.
An official from the National Police Agency said, “We determined that the attack was done by a North Korean hacking organization after comprehensively determining the IP address of the source of the attack, IP address washing technique, system intrusion/management technique, and the use of North Korean words in the account password used to seize the internal network,” and added, “It is presumed to be related to ‘Kimsuky’.” Kimsuky is one of several hacking organizations within North Korea’s Reconnaissance General Bureau, along with Lazarus, Bluenoroff, and Andariel.
The attackers also used the North Korean expression ‘don’t get hurt’ (meaning ‘don’t touch’) in the password for the account they used to seize the internal network of Seoul National University Hospital. An official from the National Police Agency explained, “When I unlocked the encrypted password, I found that these words were used.”
The investigation found that they laid the groundwork for hacking Seoul National University Hospital by taking control of seven servers located in Korea and abroad in May and June 2021. While examining several servers for a way into Seoul National University Hospital’s internal network, they found a vulnerability that allowed malicious code to be planted when uploading photos and files through the bulletin board’s writing function. Afterwards, they infiltrated the internal network of Seoul National University Hospital and stole various personal information.
The police determined that they stole the personal information of 830,000 people, including 810,000 patients and 17,000 current and former employees. The police said, “We confirmed that the information of 17,000 former and current employees was actually leaked, and the personal information of the remaining 810,000 patients was confirmed,” and explained, “There is no case.”
The investigation found that the North Korean hacking organization targeted the server that stored photos of pathological tests such as biopsy and cytology, as well as diagnosis names. The information of the 810,000 patients whose leakage was confirmed was also leaked from the server where the pathology test results were stored.
An official from the National Police Agency said, “It is possible to confirm the purpose of hacking only after obtaining a statement after the arrest of the suspect, but it is impossible to arrest in this case.” However, he said that it was “difficult to confirm” whether the medical information of key personnel was actually leaked.
Reporter Hong In-ki
2023-05-10 03:00:00