It has been found that the Chungho Easy Cash ATM server hacking, which continued from September last year to March this year, was committed by North Korean hackers and the financial information compromised by the hacking was handed over to and illegally used by three South Koreans and one Korean Chinese.
After the incident was uncovered, the Korean National Police Agency inspected every one of the 63 ATMs run by Chungho Easy Cash. Then, it found out that the techniques used for the hacking were identical in many aspects to last year’s cyber attacks targeting South Korean national organizations and large corporations. Specifically, the hackers took advantage of the vulnerabilities of a vaccine update server as in the case of last year and the malicious codes used during the incident were identical in nature to those used last year. The same server as used last year was used during the recent incident, too.
The Korean National Police Agency recently announced that it has yet to find out who received the financial information from the North Korean hackers for the first time and how much money has been sent to North Korea so far.
According to the police, a total of 238,073 pieces of financial information have been compromised by the hackers and credit card duplication based on the information has resulted in 102.64 million won (US$92,000) in lost money, including 88.33 million won (US$79,000) in withdrawn cash and 10.92 million won (US$9,800) in payment.