The State of Security Incidents as Seen Through Major Domestic Internet Incidents
2013-10-07 • KRCERT • Cyber incident trends through major South Korean Internet incidents
http://www.kisa.or.kr/uploadfile/201310/201310071957453995.pdf
KISA/KRCERT's 2013 Internet & Security Focus article reviews major South Korean Internet incidents from 2003 through 2013, including Slammer worm disruption, identity-theft and large-scale personal-data breaches, the 7.7 DDoS attacks, the 3.4 DDoS campaign, and the 3.20 and 6.25 cyber attacks. For DPRK-relevant tracking, it highlights the progression from 7.7 DDoS attacks against government, financial, media, portal, and security targets to the 3.4 DDoS campaign, which expanded the target set and used changing malware file sets and broader Windows coverage. The article describes the 3.20 attacks as destructive malware that damaged MBR/VBR data and disrupted major broadcasters and financial institutions, while the 6.25 attacks targeted government sites and other organizations soon afterward. Its main lesson is that Korean incident response needed coordinated prevention, faster information sharing, public-private cooperation, and stronger security practices because DDoS, data breaches, and destructive malware had become tools for large-scale social disruption.