NK uses S. Korean subway control system as hacking foothold

Posted January 27, 2016 07:10

Updated January 27, 2016 07:18

It was found that North Korea hacked the homepage of a South Korean company that is in charge of the production and management of subway control systems just before its fourth nuclear test. The system is currently used by subway operators in the Seoul metropolitan and regional areas.

Issue Makers Lab, a South Korean association of white-hat hackers that monitors cyber terrorism by North Korea, said Tuesday that the North Korean Army's reconnaissance bureau hacked the company's homepage with new malicious code in mid-December last year, one month before the North's nuclear test. The bureau then stole the homepage operator's rights and used the site as a server that issues commands to the new malicious code. The server determined where the code should infiltrate, which files the infiltrated code should take and where those files should be sent.

An analysis of the newly found malicious code found that it hacked Seoul Metro's key computer servers, which manage Seoul subway lines No. 1 to 4, and controlled them for more than five months. At that time, two servers, including the server running Seoul Metro's PC management program, were hacked, resulting in the infection of 58 PCs. Traces of outside access were also found on 213 PCs. It is currently uncertain how much data was leaked from the company.

"We found that the IP address of the company was contained in the new malicious code, and after an investigation found that the rights of the homepage operator were completely transferred to the North Korean Army's reconnaissance bureau," said Simon Choi, head of Issue Makers Lab.



서동일 dong@donga.com · 곽도영 now@donga.com