A year later, top court finally admits North may have hacked its network

In November of last year, suspicions were raised that the North Korean hacking group Lazarus was behind a malware attack in February on the Supreme Court's network. [GETTY IMAGES BANK]

The Supreme Court admitted on Monday that a North Korean hacking group may be behind last year's cyber attack on their network.

The top court's apology came three months after the allegation was first raised and a year after the attack occurred in February last year.

The Office of Court Administration (OCA) of the Supreme Court on Monday acknowledged that the attacker, likely connected to North Korea, seems to have leaked internal data and documents through its "advanced hacking tactics."

Personal data, including resident registration and tax certification, is assumed to have leaked from the attack.

In November 2023, South Korean media outlets reported allegations that the North Korean hacking group Lazarus was behind a malware attack in February last year on the Supreme Court's network.

The Supreme Court denied the suspicions at the time, arguing that while it had discovered malware codes and deleted them, "it couldn't confirm North Korea was the attacker, and no document leakage was found.”

As suspicion grew, the court started acknowledging some of the allegations, admitting that somebody or something attempted to attack the court's network and that circumstantial evidence pointed to a data leak.

Later, in December 2023, the National Intelligence Service announced that they would start an investigation into whether North Korea was behind the attack.

“According to the investigation, it was discovered that the court's network had been breached before Jan. 7, 2021.” Won Ho-shin, the head of the OCA’s information technology department, said on the court’s community website Monday. “The hacking techniques match those the North Korean hacking group used on government institutions.”

“We could not specifically identify what type of data was transmitted outside, even though we conducted in-depth forensics,” Won added. “Attempted intrusions included 26 PDF files, including private rehabilitation registration, resident registrations and local taxation documents.”

“We have notified individuals associated with the 26 documents suspected to have been leaked, as personal information was likely compromised," Won said. "We have also reported the incident to the Personal Information Protection Commission and the police. We will promptly implement protection measures if we confirm any personal information leakage.”

The court also issued an apology for the incident on Monday.

“We sincerely apologize for causing great concern to people, including users inside and outside the court,” the head of the OCA, Chun Dae-yup, said Monday on the Supreme Court website.

“We conducted a thorough investigation with experts, including security professional organizations, on the infiltration of the court’s network in February,” Chun said. “According to the investigation, we found that the attack was caused by an entity related to North Korea using highly sophisticated hacking techniques, which may have resulted in a leak of the court's data and documents.”

“The court conducted an internal investigation and implemented security measures to prevent further damage. However, due to technological limitations, obtaining a complete picture of the case was difficult,” Chun said. “The court is also fully alarmed considering the seriousness of the case.”

“Following the in-depth investigation, we immediately implemented necessary measures to protect personal information and will take further action if more facts are discovered.” Chun added. “We will re-examine the court’s overall network to prevent such cases from reoccurring in the future. We are also planning on establishing comprehensive measures, including restructuring the department in charge of the case.”

BY KIM JEONG-YEON [kim.jiye@joongang.co.kr]