Malicious Code Detected in Chinese-Made Equipment Delivered to Korean Gov’t

Malicious code has been discovered in Chinese-made measurement devices supplied to government agencies. The National Intelligence Service (NIS) reported that the malicious code was pre-installed in the Chinese equipment before delivery, and they have decided to investigate all Chinese-made devices delivered to government agencies. The NIS also revealed that cyberattacks from North Korea, China, and Russia are on the rise, including incidents of North Korean hackers disguising their identities to apply for jobs at domestic companies.

The NIS held a press-invited cybersecurity conference at the National Cyber Security Collaboration Center located in Pangyo Techno Valley in the Bundang district of the city of Seongnam in Gyeonggi Province on July 19. They announced cases of recent cyberattacks on domestic government agencies, local government bodies, and companies from North Korea, China, and Russia. The NIS, responsible for the security and control of government agencies and local governments, stated, “An average of 1.37 million attacks per day have been detected by international hacking organizations this year, with 70% of them linked to North Korea, followed by China and Russia.”

Last month, malicious code pre-installed in equipment manufactured by a Chinese company and supplied to domestic government agencies was found. The NIS announced, “We immediately commenced a joint full-scale investigation with relevant agencies into Chinese-made network equipment and similar devices such as CCTVs supplied to domestic government agencies and local governments.” Baek Jong-wook, the third vice director of the NIS, said, “We have carried out about 30% of the full-scale investigation, and additional malicious code has been confirmed in one of the roughly 10,000 Chinese-made devices.”

The NIS also revealed recent cases where North Korean hackers were caught trying to get jobs at overseas branches of domestic companies by forging passports and graduation certificates, and cases where they replicated Naver news pages to hijack email accounts. The leakage of the personal information of over 1,000 domestic credit card users was also reported.

With the general elections coming up in April next year, the NIS predicted that cyberattacks from North Korea will intensify. Baek Jong-wook stated, “With our general election and the U.S. presidential election approaching, there is a possibility that internet influence operations aiming to induce changes in consciousness or behavior will intensify.” He added, “The NIS will actively respond to cyberthreats in cooperation with allied countries and the private sector.”