Hackers breach and steal data from South Korea's Defense Ministry

Government says hackers breached 30 computers and stole data from 10.

Hackers have breached the computer systems of a South Korean government agency that oversees weapons and munitions acquisitions for the country's military forces.

The hack took place in October 2018. Local press reported this week[1, 2, 3] that hackers breached 30 computers and stole internal documents from at least ten.

The breached organization is South Korea's Defense Acquisition Program Administration (DAPA), an agency part of the Ministry of National Defense.

It is believed that the stolen documents contain information about arms procurement for the country's next-generation fighter aircraft, according to a news outlet reporting on the cyber-attack.

Reports claim that hackers gained access to the server of a security program installed on all government computers.

Named "Data Storage Prevention Solution," the app is installed on South Korean government computers to prevent sensitive documents from being downloaded and saved on internet-connected PCs.

According to reports, hackers gained admin access to the software's server and used it to siphon documents from connected workstations.

The country's intelligence agency (NIS, National Intelligence Service) investigated the breach in November and reported its findings to government officials, who disclosed the cyber-attack to the public this week.

Government officials didn't pin the blame on North Korean hackers, as they usually do, although it wouldn't surprise anyone if they did, as North Korea has often launched cyber-espionage and intelligence collection operations against its southern neighbor.

For example, in October 2017, South Korea accused North Korea of hacking and stealing the South's secret joint US war plans, which included detailed plans to attack the North in case diplomatic relations deteriorated to a point where military action was needed.

More cybersecurity news: