Hacking attempts from abroad targeting South Korean defense information nearly doubled last year, but no data was stolen, the Defense Ministry said Thursday.
The number of foreign hacking attempts involving South Korea’s defense information system -- all equipment and software related to the collection, processing, storage, transmission, reception and use of military information -- surged from about 4,000 in 2017 to 5,000 in 2018 and 9,533 last year, the ministry said.
Most of the IP addresses used by hackers last year were traced to China or the US, the ministry said, adding that most hackers use technology to conceal their locations.
The increase in hacking attempts prompted the ministry to build a multilayered protection system for its network, servers and computers.
An annual analysis and assessment of the vulnerability of the defense information system, however, showed that the latest security patches were not used, and the management of accounts and passwords left much to be desired.
The lack of a standardized checklist for security inspections across the defense information system made it difficult to anticipate cyberattacks.
The military does have checklists as part of its five-level warning system, called “information operations condition” or Infocon, which raises alerts that correspond to the level of the cyberthreat.
“We are looking for ways to prevent cyber intrusions and verify signs of cyberattacks on the defense information system in advance,” a military official said.
In September 2016, a significant amount of South Korean military information was leaked when hackers installed malware on the military’s internal network.
Some of the IP addresses used in the attacks were traced to Shenyang, China, and the malware was similar to the kind used by North Korean hackers.
In 2017 the ministry’s inspection team announced the results of an investigation that found that a North Korean hacking organization was probably behind the cyberattacks.