The Korea Herald


Seoul’s spy agency accuses China of major cyber attacks

North Korea trying to work generative AI into hacking operations

By Kim Arin

Published : Jan. 24, 2024 - 17:10

    • Link copied

Baek Jong-wook, the deputy director of the National Intelligence Service, speaks during a conference on Wednesday at a venue in Seoul. (NIS) Baek Jong-wook, the deputy director of the National Intelligence Service, speaks during a conference on Wednesday at a venue in Seoul. (NIS)

South Korean spy agency on Wednesday reported a significant uptick in attempts of cyber attacks by foreign sources last year, waged mainly by North Korea and China. Chinese attacks tended to inflict more severe damage than North Korean ones, despite the latter being more frequent.

The National Intelligence Service said cyber attacks against the public sector increased by 36 percent overall last year compared to the year before. North Korea accounted for 80 percent of those attacks, and China, 5 percent.

But rated in terms of the severity of damage, attacks by Chinese sources were responsible for 21 percent of total “cyber security incidents of high significance” over the year. North Korea was responsible for 68 percent of significant attacks.

The spy agency did not state whether the cyber attacks could be attributed to the Chinese government, referring to them only as attacks “from China” or “by Chinese sources.” The agency said it was unable to reveal whether the attacks were state-backed for foreign relations reasons.

Chinese cyber attacks were characterized by a “slow and stealthy infiltration,” the spy agency said, intended to reduce its chances of being exposed.

In one instance, Chinese hackers infiltrated into the servers of a South Korean company and snatched information on its customers and commercial secrets for several years by stashing malware disguised as an open software.

Amid a heated space race, cyber attacks on ground stations aimed at gaining control of satellites were becoming more prevalent, the spy agency said.

Some major attacks of Chinese origin were believed to have targeted the satellite network systems here, according to the spy agency, intercepting signals transmitted through communications.

Besides hacking into South Korean government services, China was suspected of waging influence campaigns to spread pro-Beijing propaganda.

In November last year, the spy agency busted China-made websites generating “pro-China” and “anti-US” stories for South Korean audiences online. To look authentic, the websites mimicked the features of actual news outlets here.

The spy agency warned of an increase in cyber security threats intended to sway public opinion and possibly interfere with the parliamentary election slated for April.

South Korean national defense ministry has similarly highlighted the heightened risk of foreign cyber operations in the run-up to the election. Shin Won-sik, the defense minister, told The Korea Herald on Monday that the country “must brace for the threat of cyber psychological warfare in the form of large-scale hacking and the spread of disinformation.”

In October last year, the spy agency announced it found security flaws in the servers of the National Election Commission following a 12-week inspection. The election watchdog agreed to the cyber security inspection after being informed by the spy agency of at least seven counts of North Korean attacks in the past two years.

The spy agency said that it was in the final stages of addressing the security vulnerabilities of the election watchdog’s servers, to be completed before the parliamentary election.

Unlike Chinese attackers, the spy agency said North Korea often acted quickly, changing targets and directions of operations at the orders of its leader, Kim Jong-un.

In the beginning of last year, North Korea’s army of hackers tried to attack South Korean agricultural and fisheries organizations after Kim ordered them to address food shortages.

Then in August and September, when Kim stressed the importance of the country’s naval forces, his hackers stole designs and other data from South Korean shipbuilders. In October, in response to the North Korean leader’s calls for more drones, they tried to get the related technology from defense companies of South Korea and 25 other countries.

The spy agency said North Korea was in the process of integrating generative artificial intelligence into its hacking tools and techniques. There was no known instance of a North Korean cyber attack involving generative AI yet, it added.

The spy agency cited quantum encryption as one of the emerging challenges in the cyber security landscape. The agency was working with private industries and research institutions to develop solutions to defend against quantum computer-based attacks.

To enhance cooperation with allies in cyber defense, the spy agency said it was planning to launch the Cyber Summit Korea workshop in September under the theme of a “step ahead for global cyber security.”