Six Institutes Including KIDA Attacked By Hacking Program

The National Cyber Security Center (NCSC) made an official announcement on June 19 saying that computers of six national institutes, including the Korea Institute of Defense Analyses (KIDA), the National Maritime Police Agency (NMPA), and the Korea Atomic Energy Research Institute (KAERI) were recently attacked by a hacking program called “Variation Peep.”

The NCSC said, “Nine computers at the KIDA, 22 at the NMPA, 30 at the KAERI, and one computer each at the Agency for Defense Development (ADD), the Ministry of Maritime Affairs and Fisheries (MMAF), and the Small and Medium Business Administration (SMBA) were confirmed to have been infected by the hacking program up to today,” and added, “52 computers in the private sector such as private homes, universities, and distribution enterprises were also exposed to the hacking program.”

The Police Agency reported on April 29 that “an unidentified person who disguised as an employee from a domestic munitions company sent an email to a researcher at the KIDA and after an investigation, confirmed that the institute was harmed," the NCSC explained.

The NCSC said that they blocked the information outflow by closing the site used for a hub for hacking, with the cooperation of the Ministry of Information and Communication (MIC), the Defense Security Command (DSC) and the Police Agency, as soon as it found out that the computers were infected by a hacking program. It also said that it took emergency measures, including distributing vaccine programs and updating systems for defense from further attacks.

The program in question, the “Variation Peep” uses an attack method similar to the “Trojan Horse” virus, which spreads when a user opens an attached file to an email, and which was made last year and spread to Taiwan at the beginning of this year. It inflicted enormous damage, including information outflows from public and private institutes.

Clicking an attached file to an email automatically results in an infection from this hacking program, and the hacker can freely open, edit and delete saved data, as well as send files by remote control of the infected computer.

Meanwhile, the DSC clarified that it has never been cracked by a hacker, and they reconfirmed that the NCSC did not include it on its list of infected agencies in the announcement.

Jung-Hun Kim jnghn@donga.com