Latest news with #KimSeung-joo

Who hacked S. Korea's largest telecom, and why? Growing concerns the SKT data breach wasn't just about money
Korea Herald

21-05-2025

Some suspect a sophisticated Chinese hacking group may be behind the attack, raising potential alarms over cyber security

Nearly three years before South Korea's largest telecom provider knew anything was wrong, hackers had already broken into SK Telecom's internal systems. This detail emerged from a briefing this Monday by the government's public-private joint investigation team, which is probing one of the country's most serious cybersecurity breaches in recent memory.

The attackers first embedded malware on June 15, 2022, according to the investigation. That software remained hidden until last month, when over 9 gigabytes of sensitive SIM-related data tied to approximately 25 million subscribers, including customers of SKT's budget MVNO carriers, was suddenly exfiltrated. Among the leaked data were 21 types of subscriber-related information, including identification numbers and SIM authentication credentials.

What hasn't been confirmed, however, is whether call records or other highly sensitive personal communications data were taken. SK Telecom has said its call detail records (CDRs) are encrypted, but encryption alone may not be enough, warns Professor Kim Seung-joo of Korea University's Graduate School of Information Security. 'Even encrypted data is vulnerable if the keys aren't securely managed,' he said in a separate media interview on Tuesday. 'The same thing happened to nine US telecoms last year.'

CDRs are highly valuable in state-backed cyber operations. Unlike credit card data, they reveal patterns of communication and movement, making them ideal for tracking public officials and institutions, he explained.

The malware discovered on SK Telecom's servers included BPFdoor, a backdoor tool also used by Salt Typhoon, the Chinese-linked group behind the attacks on AT&T, Verizon and T-Mobile. South Korean investigators have not confirmed the attribution, but suspicion is growing.
Professor Lim Jong-in, a cyber defense expert at Korea University, told local radio on Wednesday morning that he suspects the Chinese hacking group Red Mansion may be behind the intrusion. They are known for APT-style cyberattacks -- operations that are typically slow-moving, well-funded and thus conducted by nation-state actors rather than ordinary cybercriminals. APT stands for Advanced Persistent Threat.

'Their yearslong persistence and stealth tell you this wasn't just about stealing data for profit,' said Professor Yum Heung-yeol, another cybersecurity scholar at Soonchunhyang University, according to a local media report on Wednesday. 'To compromise a core telecom operator without any spies or insider cooperation is not something amateur hackers can do.'

So far, no customers have reported cloned phones, suspicious charges or extortion attempts. That silence and the long-term nature of the breach, the experts have all said, make financial motives unlikely.

'We are looking into multiple possibilities, including whether the attack was to steal data or to establish long-term access to deeper systems,' said Ryu Jae-myeong, director-general of network policy at the ICT Ministry involved in the joint investigation team.

North Korea shows signs of ramping up ChatGPT use
Korea Herald

23-02-2025

Concerns grow over North Korea's advance in use of AI in fraud, scams

North Korea is showing signs of incorporating ChatGPT in its operations, adding to concerns that artificial intelligence technology could be used to advance the reclusive regime's cybercrimes.

Pyongyang was seen educating its intellectuals about ChatGPT, a generative artificial intelligence chatbot developed by a US AI research organization OpenAI, in a video released by a North Korean external propaganda outlet Saturday. Members of an AI research institute at Kim Il Sung University, North Korea's top university, were seen using a program titled 'GPT-4 Real Case: Writing' on their computers, in a report by Voice of Korea. The program focused on teaching how ChatGPT produces text based on user input.

Han Chol-jin, a researcher at the institute, told the outlet that they were 'teaching methods to deeply learn an advanced technology and ways to make it our own.'

As internet access is generally unavailable in North Korea, with some citizens only having access to the country's national intranet called Kwangmyong, it is unknown whether the researchers had access to the actual ChatGPT site.

The Voice of Korea report closely followed OpenAI's decision to ban user accounts from North Korea. The ChatGPT maker claimed that several North Korean-linked accounts misused the chatbot program to create fake resumes, online job profiles and cover letters as part of the regime's widely reported employment scheme.

"The activity we observed is consistent with the tactics, techniques and procedures Microsoft and Google attributed to an IT worker scheme potentially connected to North Korea," OpenAI said in a recent report.
"While we cannot determine the locations or nationalities of the actors, the activity we disrupted shared characteristics publicly reported in relation to North Korean state efforts to funnel income through deceptive hiring schemes, where individuals fraudulently obtain positions at Western companies to support the regime's financial network," it added.

Pyongyang has been accused of running employment hiring schemes in which North Korean IT workers use false identities to get hired and work remotely for US companies. The workers would then funnel their wages to support the development of their country's nuclear weapons program.

In January, Google's Threat Intelligence Group, an intel squad within the US-based tech company, revealed that North Korean hackers were using Google's Gemini chatbot to illegally gain access to information on the South Korean military and cryptocurrency.

Experts expressed concerns about a spike in crypto thefts and other malicious cyber activities by North Korean hackers with their increased use of AI technology.

'With the use of generative AI, North Korea now faces a lower language barrier (when committing crimes) and significantly less money when plotting and carrying out schemes,' Kim Seung-joo, a professor at Korea University's School of Cybersecurity said.

North Korean hackers stole some $659 million worth of crypto assets in a series of multiple hacks throughout 2024, according to a joint statement released by the governments of South Korea, the US and Japan last month.
