Anti-Malware , Data Breach , Data Loss
South Korean Resettlement Agency Breach Traces to Malware-Laden Email(euroinfosec) • December 28, 2018 South and North Korea complete field verification of the withdrawal of guard posts from within their demilitarized zone on Dec. 12, 2018. (Source: South Korea's Ministry of National Defense)South Korean officials say that personal information for 1,000 North Korean defectors has been stolen via a malware attack.
See Also: Third-Party Cyber Risk Management - A Data-Driven Approach
The Ministry of Unification, an executive department of the South Korean government aimed at promoting Korean reunification, says that the information was being stored by a privately run Hana Center in the province of Gyeongbuk, aka North Gyeongsang.
The leak exposed the names, birth dates and addresses of 997 defectors who live in that region, officials say. All of the affected individuals have been contacted, they add.
"Currently no harm or damage has been observed due to the leak," a Unification Ministry spokesman tells CNN.
Hana Centers were set up by the South Korea government in 2010 to help North Korea refugees integrate into and establish stable lives in the country by helping with counseling, resettlement costs, medical expenses, children's education and employment.
Today 25 centers support about 30,000 North Korean refugees living in South Korea.
A message on the Gyeongbuk Hana Center homepage says "it was confirmed to have been leaked around November 2018," reports South Korea's SBS News.
Officials say they suspect the loss of information traces to a center employee opening malware attached to an email. That raises the prospect that the centers may have been directly targeted via a phishing attack.
"Recognizing a possibility of one personal computer at the Hana Center in North Gyeongsang Province having been hacked, we carried out an onsite probe on Dec. 19 in cooperation with the provincial government and the center and confirmed the computer was infected with a malicious code," according to a statement issued by the Ministry of Unification, South Korea's Yonhap News reports.
"In that computer, there was a file containing personal information of North Korean defectors," it added. "The file was confirmed to have been leaked."
The leaked data does not appear to have been publicly released.
The headquarter of South Korea's Ministry of Unification in Seoul. (Source: Hnc197, via Wikimedia Commons)The ministry says this is the first known case of defectors' personal details leaking. It's launched a complete information security review of all Hana Centers, and plans to disconnect any system that stores sensitive data from the internet.
"We deeply apologize to the many escapees from North Korea who have been affected by the incident, and will take measures to ensure that private information is protected," the ministry says in a statement.
Police Investigation Continues
Officials say police continue to investigate the leak. They have named no suspects, but attention has naturally turned to hackers working for the Pyongyang-based regime of North Korean leader Kim Jong-Un.
North Korean refugees living in South Korea remain at unknown risk from North Korea, which is officially known as the Democratic People's Republic of Korea. It's also not clear if any of their relatives still living in North Korea might face reprisals, should the escapees' identities be confirmed.
What is known is that anyone who tries to escape from North Korea does so at considerable risk to themselves and their families.
Exiles from North Korea have reported that anyone caught trying to escape the country is treated as an enemy of the state and sent to political prison camps, Human Rights Watch reports.
Repatriated North Koreans who have fled to China - where they are considered illegal aliens and often returned, whatever their asylum claims - may face "interrogation, torture, sexual abuse and forced labor," former North Korean officials have told Human Rights Watch.