Seoul National University Hospital (SNUH) breached by North Korean hackers

An investigation by the Korean National Police Agency (KNPA) confirmed that North Korean hackers had breached the network of the country’s largest hospital, Seoul National University Hospital (SNUH), in a cyber incident between May and May June 2021.

 

The police conducted an analytical investigation in the past two years, and the attack was attributed to North Korean hackers based on their intrusion techniques, IP addresses, website registration details, and the use of specific North Korean vocabulary.

 

Local South Korean media linked the attack to the Kimsuky hacking group, but the KNPA report does not mention the threat group. The attackers launched the attack on the hospital’s internal network using seven servers in South Korea and other countries.

 

According to the police, the incident exposed data for 831,000 people, most of whom were patients. In addition, 17,000 of those affected are current or former hospital employees.

 

According to the KNPA press release, North Korean hackers may attempt to infiltrate information and communication networks across various industries. It emphasized the importance of improved security measures and procedures, such as installing security patches, managing system access, and encrypting sensitive data.