
North Korea-linked APT breached the Seoul National University Hospital


The Korean National Police Agency (KNPA) warns that a North Korea-linked APT group had breached the Seoul National University Hospital (SNUH).

The Korean National Police Agency (KNPA) revealed that a North Korea-linked APT group has breached one of the largest hospitals in the country, the Seoul National University Hospital (SNUH).

The security breach took place between May and June 2021 and was aimed at stealing sensitive medical information and personal details. Experts speculate the attackers were looking for information belonging to high-profile figures who got medical treatment at the hospital.

According to South Korea’s National Police Agency, the nation-state actors gained access to the intranet of Seoul National University Hospital (SNUH) in 2021, and stole the personal information of about 830,000 patients and workers, including 17,000 current and former hospital employees.

The attack did not impact operations at the South Korean hospital.

The attribution of the attack to North Korea is based on TTPs observed by the National Police Agency, including IP addresses, the use of specific words in the North Korean vocabulary, and the anonymization techniques involved in the attacks. The South Korean Police did not attribute the attack to a specific APT group; however, local media speculate it was coordinated by the Kimsuky APT.

“The origin of the IP address and the method of address laundering used in the attack matched those of North Korean hacking groups used in their previous hacking attacks, officials said,” reported the Yonhap News Agency.

The Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, APT43) was first spotted by a Kaspersky researcher in 2013. At the end of October 2020, the US-CERT published a report on Kimsuky’s recent activities that provided information on their TTPs and infrastructure.

The APT group mainly targets think tanks and organizations in South Korea; other victims were in the United States, Europe, and Russia.

In the latest campaign, the state-sponsored group focused on nuclear agendas between China and North Korea, relevant to the ongoing war between Russia and Ukraine.


According to the Korean National Police Agency (KNPA)’s report, the state-sponsored hackers used at least seven servers in South Korea and other countries to launch the attack.

The KNPA also warns that North Korean APT groups might attempt to infiltrate information and communication networks across various industries. The agency urges organizations in the country to adopt a proper security posture by implementing an efficient patch management strategy, enforcing system access management, and encrypting sensitive data.

“We plan to actively respond to organized cyber-attacks backed by national governments by mobilizing all our security capabilities and to firmly protect South Korea’s cyber security by preventing additional damage through information sharing and collaboration with related agencies,” warned the KNPA.

“The National Police Agency is mobilizing all its security capabilities against organized nation-state operations while actively responding to them. Information sharing and collaboration with other agencies will allow us to protect Korea and prevent damage.”


Pierluigi Paganini

(SecurityAffairs – hacking, Kimsuky)