Cyberattack spree hits Korean universities, hospitals

Following a massive personal data breach at Coupang, authorities have confirmed a series of hacking attempts targeting about 20 smaller online retailers, universities, and hospitals.

On Jan. 7, the Ministry of Science and ICT said it had identified activity by an unidentified hacking group that stole internal data from domestic medical institutions and online retailers and sold it through a hacker community known as “Hacking Forum.” According to the government, a hacker using a specific nickname posted multiple messages on the forum between December and early January, claiming to offer personal data taken from South Korean institutions and companies for sale.

The affected organizations include Chungbuk National University, dormitories at Geumgang University, Samsung Neo Information, OfficeFind, the Seogwipo City Childcare Support Center, and Tiara Clinic, among roughly 20 entities. The leaked data is believed to include website user IDs and passwords, user names, and email addresses. Authorities said the compromised information may also contain sensitive records such as student dormitory access logs and hospital visit histories. If the breaches are confirmed, the government said the cases will be reported to the Korea Internet & Security Agency under the Network Act, with KISA providing support for cause analysis and the development of measures to prevent recurrence.

Security experts say cyberattacks are increasingly targeting small-scale distributors, educational institutions, and medical organizations that tend to invest less in cybersecurity while holding large volumes of personal data. According to a cyber threat trends report published last year by the Korea Internet & Security Agency, 93 percent of ransomware incidents, one of the most common forms of cyber intrusion, occurred at small and medium-sized enterprises.

One domestic research institute said it receives more than 600,000 cyberattack attempts, including phishing emails, in a single day. An industry official said hackers appear to be concentrating attacks on vulnerable targets within short time frames. The official added that the growing use of artificial intelligence and automated systems now allows attackers to launch hacking attempts against multiple organizations at once, contributing to a sharp rise in reported incidents.

The Ministry of Science and ICT and KISA said they plan to strengthen monitoring of the dark web and hacking forums to track the circulation of illegally obtained information involving domestic companies. The government has also posted security recommendations on the “KISA Protection Nation” website, urging organizations to apply operating system and software security updates and to inspect systems for well-known web server vulnerabilities. "The government will provide systematic technical support to affected companies, assist in developing measures to prevent repeat incidents, and bolster overall capacity to respond to cyber threats," a ministry official said.


최지원 jwchoi@donga.com