Hackers gained access to 213 Seoul Metro computers
According to South Korea’s National Intelligence Service (NIS), Seoul’s subway system has been attacked using techniques linked to a North Korean-linked hacking group.
The information came to us via the Korea Herald (not working now, probably under DDoS,WebCache view here), which reported today that NIS discovered an attack on Seoul Metro, a state-owned company that manages four subway lines in the nation’s capital (Lines 1, 2, 3, and 4).
The attack happened during July 2013, and as a consequence of hacking two server gateways, hackers gained access to 213 of Seoul Metro’s computers.
NIS is also reporting that 58 out of the 213 computers were infected with malware, which helped attackers steal 12 documents from the computers’ hard drives.
According to official statements, the documents did not contain any kind of sensitive information, just basic human resources data, along with internal management procedures.
The Seoul subway system was not affected by the hack
None of the affected computers was used to manage the actual subway system and its trains.
Seoul Metro representatives say that the subway network is managed through a different computer system, not connected to the Internet, just for these reasons.
As with any hacking incident that happens in South Korea, first suspicions will always be taking into account that a North Korean state-sponsored group was at the source of this attack.
NIS says that because the incident took place so long ago, there were not enough logs to analyze and detect “the first point of hacking and the source of the code.”
Officials do say that the techniques they’ve observed are very similar to the same techniques used in the hacking of South Korean banks and broadcasters in March 2013. At that time, for those events, evidence pointed towards North Korea.
Only this year, Seoul Metro is reporting that over 350,000 cyber-attacks have been recorded targeting its network.