A group of hackers under North Korea’s Reconnaissance General Bureau are believed to be behind the recent hacking of a major hospital in South Korea.
Rep. Ha Tae-kyung of the main opposition People Power Party said investigations revealed the group of cybercriminals known as Kimsuky likely hacked Seoul National University Hospital in June, Seoul Economic Daily reported.
Choi Sang-myeong, a South Korean cybersecurity expert and chief executive of Seoul-based Issue Maker Lab, investigated the hacking on behalf of Ha’s office.
Choi said his findings indicate that a malicious code previously used by Kimsuky matched a security threat identified in the hospital breach, according to Chosun Ilbo Thursday.
Seoul National University Hospital has said that the cyberattack took place from June 5-11. One idle server and 62 workstations were breached. A total of 6,969 files, many of them patient records, were broken into, according to the hospital.
Ha said Thursday that “important medical information about patients may have been transferred to North Korea,” without providing specific details.
The university hospital is one of South Korea’s leading healthcare systems. At least one former South Korean president and top business executives have received treatment at Seoul National University, according to the Chosun.
Park Won-gon, a professor of North Korea studies at Ewha Womans University in Seoul, told Seoul Economic Daily that North Korea-affiliated hackers were likely looking for data on coronavirus disease 2019 vaccines.
The hackers also could be seeking to do “damage to the South Korean government,” Park said.
Last year Microsoft said at least nine health organizations, including Pfizer, had been the target of attempted hacking by North Korea-backed organizations.
In December, Kimsuky was linked to a fake online site designed to fool employees at South Korea’s Yonsei University Health System.