[Exclusive] The parking lot system probed by the NIS was the entry point for a hack

In November last year, the National Intelligence Service (NIS), together with the Ministry of Public Administration and Security, conducted a thorough investigation into the parking lot information systems of public institutions. The investigation followed the hacking, in the same month, of Company A, which had been managing parking lots for public institutions and private companies.

Voice AI technology can be exploited for voice manipulation. [Photo: Getty Images]

Company A provides services such as management of entry and exit information and settlement of parking fees to local governments and public institutions such as local offices of education.

The NIS was suspicious of the hackers' motive for targeting Company A. It believes they attacked a parking management agency, a security blind spot, with the aim of infiltrating the internal networks of public institutions. An official from the NIS said on the 9th, “It was discovered early and did not cause significant damage, but if software in use by many users is exploited in a supply chain attack, serious damage is a concern.”

Concerns about data being leaked all at once

This case is an example of the 'supply-chain attack' that the NIS has been paying attention to recently. A hacker infiltrates a network management company such as Company A, which manages information in major fields, and inserts a malicious program or malicious code. The biggest concern with supply chain hacking is that a large amount of data can be leaked at once.

The supply chain attack at the end of last year on SolarWinds, an IT infrastructure management company in the United States, is a prime example. Foreign media reported that the US Treasury, the State Department, the Department of Homeland Security, the National Institutes of Health, and the Department of Energy and the National Nuclear Security Administration (NNSA), which are in charge of nuclear weapons, were also hacked. In Korea, there was a case in 2011 in which the computer network of Nonghyup was paralyzed by a North Korean hacking attack.

The NIS did not name North Korea as the party behind the hacking of Company A. However, according to the domestic security industry, the North Korean hacker organization 'Lazarus' is assessed to have been behind the hacking attack on Wizvera's security program 'Veraport' that occurred in Korea in May of last year. In Korea, it is often necessary to install additional security software when using internet banking or government websites. Veraport is a program that helps integrate and install that software. In addition to Lazarus, Kimsuky, Geumseong121, and Konni are known as hacker organizations supported by the North Korean government.

E-mail pretending to be a cybersecurity expert

In December of last year, there was an attempt to plant malicious code through an e-mail, purporting to be from a cybersecurity expert, sent to Mr. B, a representative of a domestic security company. Introducing himself as an expert working in Europe, the sender described his activities and achievements and proposed a 'cyber security joint venture and joint research project'. He also added a directly accessible URL, asking Mr. B to check his resume. When Mr. B asked for the message to be examined for hacking, malicious code was found hidden in the URL attached to the message.

Google's Threat Analysis Group (TAG), a security team at Google, also announced on the 26th of last month (local time) that “the attacks by North Korean hackers against overseas cybersecurity researchers are expanding.” Google reported that there were cases of approaching security researchers using fake personal information on various social network services (SNS) such as Twitter, LinkedIn, and Telegram.

Supply chain hacking is very difficult to detect because malicious code is planted in normal software update files. Jong-Hyun Moon, head of the Security Response Center of East Security, a security company, said, “Supply chain attacks do not disable normal program functions in order to run malicious functions; the malicious code is present while all of the original program's functions are operating. It is also difficult.”

National Intelligence Service. News 1

“Strict security management, regular updates” are important

On the 29th of last month, the National Intelligence Service, through the Korea Information Security Industry Association (KISIA), urged cybersecurity companies to be on guard against supply chain hacking attacks. An official from the NIS said, “Software manufacturers should prepare for hacking from the development stage and perform thorough security management such as regular vulnerability inspection, and users should make every effort to prevent hacking damage through regular security updates.”

Reporter Moon-hee Wi

