ALL >> Technology,-Gadget-and-Science >> View Article
North Korean Hackers Crippled Bank In South Korea
Investigators in South Korea have blamed North Korea for the recent cyber-attack on National Agricultural Cooperative Federation (Nonghyup) and called it "unprecedented cyber-terror deliberately planned" by North Korea. The Yonhap news agency quoted the officials describing the attack as a new kind of terrorism aimed at destroying the financial foundation of South Korea’s capitalist society.
The cyber-attack led to the disruption of the computer network of the financial institution last month. The cyber-attack paralyzed the Automated Teller Machine (ATM) services and online banking services, which reportedly affected around 20 million customers of Nonghyup. The system crash started April 12 and left customers of Nonghyup -- the National Agricultural Cooperative Federation -- unable to withdraw or transfer funds, use credit cards or take out loans. Also, customer data was lost and passwords were exposed. It was three days before services were partially restored.
Prosecutors blamed North Korea's General Bureau of Reconnaissance, saying they reached their conclusion after analyzing 81 malignant codes. The information ...
... was found in the laptop of an IBM worker who was at Nonghyup's Information Technology center under an outsourcing contract.
The North brought down the computer system of the National Agricultural Cooperative Federation, or Nonghyup, by hacking into an official’s laptop and operating it remotely as a “zombie computer”, the prosecutors’ office said.
The command files attacked 273 servers out of 587, including those that control ATM transactions, Internet banking and credit card usage, and 1,073 A4 pages worth of information were taken during the past seven months. Prosecutors said that the North Korean cyber criminals watched the entire process through the laptop and when they thought the attack was successful they deleted all data related to the attack.
“The pattern used to spread malicious codes and the IP address of an overseas server used for the attack was identical to those deployed in previous cyber-attacks by the North,” the prosecutors’ office said.
The malware that infected the laptop was similar to the ones used in the distributed denial-of-service, or DDoS, attacks in July 2009 and in March of this year, while one of the Internet Protocol addresses was found to be identical to the one used in March. The March attack affected 30 government institutions and organizations, but didn't damage or disrupt many computers.
Government ministries -- including defense and unification -- the National Assembly, a military headquarters, sites for U.S. armed forces in South Korea and major banks were among those hit in March. Distributed denial-of-service attacks overload sites with data causing them to break down or stop functioning. The attackers reportedly injected malware into two peer-to-peer file-sharing Web sites, the National Police Agency said at that time.
In the security attack on Nonghyup, the prosecutor's office also noted poor attention to security management processes. "We investigated the IT center entry records and surveillance camera recordings to see whether Nonghyup insiders conspired with the hackers but didn't find any noticeable evidence," senior prosecutor Kim Yeong-Dae said.
"Workers were supposed to receive approval when taking computers in and out of the IT center and when taking one out, the computer should have been reformatted. But those in charge didn't. They also hadn't changed system passwords since last July, while they were supposed to do so every month," Kim said.
Nonghyup is under fire from regulatory authorities for their weak IT infrastructure. The bank, with around 5,000 branches, is struggling with more than 30,000 customer complaints and 1,000 compensation claims. After the attack, the company plans to invest 510 billion Won to improve IT security by 2015.
It is evident that organizations need to take proper measures to safeguard their network security to halt cyber intrusions and prevent cybercriminals from stealing sensitive business and customers’ information. One proven way to mitigate information security risks is through technical security training that will enhance the skills proficiency of the information security workforce. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.
Additionally, the all-new EC-Council CAST Summit series is also created to make advanced information security training opportunities available for information security professionals across the globe. It will be the excellent platform for any IT security professionals to acquire cutting edge skills by embarking on the CAST workshops, or further enhance their IT security knowledge by attending the one-day seminar.
The 3 days CAST Summit workshop covering current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it’s like in many other events or conference. All of these IT security trainings will only conducted by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.
About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT).
EC-Council’s Center for Advanced Security Training (CAST) was created to address the need for highly technical and advanced IT security trainings for information security professionals. CAST programs stand out from others thorough their extreme hands-on approach. CAST offer programs that cover important domains such as advanced penetration testing, malware analysis, advanced social engineering, cryptography, digital mobile forensics training, and web application security, among others information security training.
EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).
Add Comment
Technology, Gadget and Science Articles
1. Carrefour Uae Grocery Data Scraping For Competitive InsightsAuthor: Food Data Scrape
2. Why Hr Software In India Is Essential For Improving Organizational Productivity
Author: savvyhrms
3. How Can Food Delivery Demand Forecasting Using Web Scraping In Usa Improve Accuracy By 78% In 2026?
Author: Retail Scrape
4. Ifood Brazil Market Intelligence Report 2026
Author: Food Data Scrape
5. Scrape Real-time Best Buy Api Across Usa For 100,000+ Skus
Author: iwebdatascraping
6. Scrape Ota Pricing Data For Travel Aggregators
Author: REAL DATA API
7. Scrape Keeta Real-time Food Delivery Data
Author: Food Data Scrape
8. How Does Ai-based Food Demand Forecasting Using Web Scraping With 92% Accuracy In Food Trends?
Author: Retail Scrape
9. How Can Hotels Get 25% Higher Revenue With Dynamic Pricing For Hotels Using Travel Demand Data Usa?
Author: Retail Scrape
10. Ota Data Scraping For Travel Demand Forecasting
Author: REAL DATA API
11. Dark Store Data Scraping Case Study: 15-min Europe
Author: Food Data Scrape
12. Amazon Seller Central Data Analytics
Author: Actowiz Solutions
13. Meituan One-time Restaurant Menu Data Scraping In France
Author: Food Data Scrape
14. Billing Errors Don't Just Cost Sales, They Cost You Loyal Customers
Author: Focus Softnet
15. What Makes Dynamic Pricing Analysis With Walmart Ecommerce Data Essential For Modern Retailers?
Author: Retail Scrape






