North Korean Hackers Behind Hospital Data Breach in Seoul

The Korean National Police Agency (KNPA) has concluded that a cyberattack on Seoul National University Hospital (NSUH), one of the largest hospitals in the country, was the handiwork of North Korean hackers.

The attack occurred between May and June 2021.

The police report does not explicitly name any particular threat group, but it is believed that the Kimsuky group is responsible for the attack, according to South Korean media reports. Using seven servers based in multiple countries, including South Korea, the attackers infiltrated the hospital's internal network, leading to data exposure for 831,000 people, most of whom were patients.

After two years conducting analytical investigations to identify the threat actors, South Korean law enforcement stated they attributed the attack to North Korean hackers based on the intrusion techniques, website registration, the IP addresses linked to threat actors in that country, and the North Korean language and vocabulary used in the attack.

"We plan to actively respond to organized cyberattacks backed by national governments by mobilizing all our security capabilities," the KNPA stated in a press release, "and to firmly protect South Korea's cybersecurity by preventing additional damage through information sharing and collaboration with related agencies."