Following the North Korean long-range missile launch and the subsequent closing of the Kaesong Industrial Complex, South Korean government offices have again raised the InfoCon cyberthreat warning level.
South Korea increased its cyberthreat level for a second time in less than a month on Sunday in response to what it said was a growing danger posed by North Korean cyber attacks.
Three government offices that track cyber threats — the Ministry of Defense; the National Information Service; and the Ministry of Science, ICT and Future Planning — raised the cyberthreat level as tensions on the Korean peninsula ratchet up.
“We believe there’s a larger possibility that North Korea may launch cyber attacks on the South, and recently upgraded our Information Operation Condition (InfoCon),” a defense ministry official was quoted as saying in the local media.
The Defense Ministry raised the InfoCon warning one notch to level three. The five-tier threat level system is used by the military to assess threats to the government’s IT network.
South Korea’s Ministry of Science, ICT and Future Planning (MSIP) also increased its cyberthreat assessment one notch from “moderate” or level one, to “substantial”, the equivalent of level two, following a week of escalating tensions in East Asia after North Korea launched a space rocket on February 7 and put a small weather satellite into orbit.
The Korea Internet & Security Agency (KISA), an arm of the science ministry, said cyberthreats to the nation increased from moderate to substantial for private sector websites, ecommerce sites, and email addresses “because of [the] North Korean long-range missile launch and closing of Kaesong Industrial Complex”.
“In substantial cyberthreat level [to the] private sector, KISA and MSIP recommend that every corporation raise cybersecurity monitoring, people update their PC software, and don’t open unknown emails,” a KISA official said.
South Korea’s National Intelligence Service, its spy agency, could not be reached for comment on its cyberthreat assessment.
On February 11, North and South Korea cut off an emergency “hot line” between the military of the two countries as hundreds of staff were repatriated to the South, days after Seoul announced it will withdrawal its participation in the Kaesong Industry Complex, the last remaining inter-Korean economic cooperation project.
Late last month, the science ministry increased the cyberthreat level from normal to “moderate” about one week after computers in South Korea received a barrage of malicious emails, around the same time North Korea tested a nuclear device.
The Defense and Science ministries both said that no new series of cyber attacks have been detected this time around. “We believe North Korea is more likely to launch cyber attacks than before and we’re keeping close tabs on potential signs,” said one Defense ministry official, according to local media reports.
South Korea is the target of many cyber attacks, and in particular, its government offices, financial and IT sectors, and the accounts of its personnel get hit by advanced persistent threats (ATP), phishing, and smishing attacks frequently.
The last time the cyberthreat level was this high was in 2013, following a wave of attacks that downed scores of government, banking, and media sites including the website of the presidential office. That attack took place on the 63rd anniversary of the start of the Korean War, on June 25.
Malware used in the 2013 attack has been dubbed by cyber professionals as DarkSeoul. The attack was tracked by officials who linked it to a single IP address in China. South Korea blames the North for that attack.
North Korea was also blamed by South Korea and the US for the Sony Pictures hack in November 2014, which forced the company to pull its film,The Interview, from theatrical release. But conclusive evidence that the country was indeed behind the attack remains to this day scant at best. That incident employed a phishing attack.