North Korean Hackers Behind Hospital Data Breach in Seoul

Data on more than 830K people exposed in the 2021 cyberattack.

Dark Reading Staff, Dark Reading

May 11, 2023

1 Min Read
an image of a keyboard with the return key colored in with the North Korean flag and the word "hack"
Source: David Carillet via Shutterstock

The Korean National Police Agency (KNPA) has concluded that a cyberattack on Seoul National University Hospital (NSUH), one of the largest hospitals in the country, was the handiwork of North Korean hackers.

The attack occurred between May and June 2021.

The police report does not explicitly name any particular threat group, but it is believed that the Kimsuky group is responsible for the attack, according to South Korean media reports. Using seven servers based in multiple countries, including South Korea, the attackers infiltrated the hospital's internal network, leading to data exposure for 831,000 people, most of whom were patients.

After two years conducting analytical investigations to identify the threat actors, South Korean law enforcement stated they attributed the attack to North Korean hackers based on the intrusion techniques, website registration, the IP addresses linked to threat actors in that country, and the North Korean language and vocabulary used in the attack.

"We plan to actively respond to organized cyberattacks backed by national governments by mobilizing all our security capabilities," the KNPA stated in a press release, "and to firmly protect South Korea's cybersecurity by preventing additional damage through information sharing and collaboration with related agencies."

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights