Announcement of Interpark Personal Information Breach Investigation Results
2016-08-31 • KRCERT • Announcement of Interpark personal information infringement investigation results
http://www.korea.kr/common/download.do?fileId=184647241&tblKey=GMN
A South Korean public-private investigation attributed the Interpark customer-data breach and extortion case to North Korea's Reconnaissance General Bureau, citing analysis of police-provided evidence and on-site investigation. The attacker initially infected an employee PC through spearphishing, spread malware to multiple endpoints, collected internal information, and gained control of a PC used by personnel with access to personal-data systems. Investigators found the attacker abused weaknesses in password management and server access controls, reached the database server, split files containing 26,658,753 member records into 16 parts, and exfiltrated them through employee PCs. The case mattered operationally because it showed a full intrusion path from social engineering to internal movement, credential/access-control abuse, database theft, and external exfiltration against a major Korean online service.