Seoul Metro Was Hacked Not in July of 2014, But Before March of 2014

Oct 12, 2015

It is reported that the Seoul Metro hacking incident actually occurred before March of 2014 rather than in July, the month initially reported. Seoul Metro was in fact hacked well before July and remained defenseless for a long period without taking any action. The group chiefly responsible for this attack is North Korea’s B hacking group, which was also responsible for the 3.20 Cyber Terror in 2013.

Cyber warfare research group Issue Makers Lab (CEO Simon Choi) announced on the 11th that, while tracing North Korean malicious code on the 4th of March of last year, it detected that some of Seoul Metro’s PCs were being controlled by a North Korean group. This is why it is estimated that Seoul Metro was actually hacked before March.

Seoul Metro had confirmed that its information was leaked from 3 PCs on the 23rd of July and reported the incident to Seoul Metropolitan City’s Integrated Security Control Center and the National Cyber Security Center. Seoul Metro once reported that a recent inspection by government administration found that 58 PCs were infected with malicious code and 213 PCs had unauthorized access. It explained that 2 PCs had their authority seized and 12 items of information regarding its business were leaked.

It is known that the Seoul Metro hacking incident actually occurred in March, 4 months earlier than the reported date. Reference = Issue Makers Lab

Seoul Metro found out about the incident 4 months after Issue Makers Lab detected it, and there is no way to find out how much information was leaked during that time.

“Seoul Metro was not able to find out that it was hacked at an earlier time because it did not have any security control system or integrated log management system at that time. Because it could not confirm logs earlier than 6 months, we could not confirm the exact timing and the location from which this hacking started spreading,” said Ha Tae Kyung, who is a member of the Saenuri Party.

Issue Makers Lab thinks that North Korea has been carrying out its attack under the code name ‘Train’ ever since it defaced the Blue House homepage in June of 2013. North Korea’s hacking group paralyzed Nonghyup and broadcasting networks with its 3.20 Cyber Terror and stirred up confusion in society by hacking into the Blue House’s homepage with 6.25 Cyber Warfare. It continued to attack South Korea’s infrastructure afterwards.

Classification of North Korea’s cyber warfare groups. Reference = Issue Makers Lab

Issue Makers Lab concluded that this hacking incident was carried out by B Team. A Team is the group that hacked into Sony Pictures, and B Team usually attacks military-related websites and anything related to US Armed Forces in South Korea. B Team was responsible for the 3.20 Cyber Terror, and it usually goes after vulnerabilities in South Korean software, ActiveX and web browsers. The main IP range it uses for its hacking activities is 175.45.178.X.

“It is my understanding that North Korea’s cyber warfare teams’ operations at that time were carried out not only against railroads, but also against many infrastructures including flights and others. It is estimated that major infrastructures were attacked last year, as evidence was found that they were going after flights. There can be many organizations that have had their information hacked and leaked and do not know anything about it,” said CEO Simon Choi.

Staff Reporter Kim, Insoon | insoon@etnews.com
