230511ECA1B0EAB084EC9AA9_EC849CEC9AB8EB8C80EBB391EC9B90_ED95B4ED82_VVk77cS.pdf (206 KB)

South Korea’s National Police Agency attributed the 2021 Seoul National University Hospital breach to a North Korean hacking organization after investigating the compromise and data exposure. Investigators said the attackers controlled seven domestic and overseas servers from around May to June 2021, exploited a vulnerability in the hospital server to enter the internal network, and exposed or are suspected of exposing personal data for about 830,000 people, including roughly 810,000 patients and 17,000 current or former employees. The attribution was based on overlap with previously identified North Korea-linked cases, including source IP addresses, site registration information, IP laundering methods, intrusion and management techniques, and use of North Korean vocabulary. Police shared intrusion methods, tools, and defensive recommendations with the victim and related agencies, warning that critical networks in healthcare and other sectors should strengthen patching, access controls, and encryption of sensitive data.