During the Lunar New Year, the sites of 12 research centers went offline at the same time. According to what he published on Telegram, the group would have chosen South Korea as a “training ground” and threatens new attacks. The Korean information security agency explained that only sites without sophisticated defense systems were affected.
Seoul () – The South Korean cyber security authority announced that the country suffered a cyber attack by a group of hackers. According to initial statements from the Korea Internet and Security Agency (KISA), the websites of 12 academic and research institutions were affected.
The attack occurred during the Lunar New Year celebrations, known in Korea as seollal, which lasted from Saturday to Tuesday. Many of the sites attacked by the hacking group, which self-identify as Xiaoqiying and likely of Chinese origin, remained inaccessible last night, with the logo and message left behind by the group still visible on their homepage. . At the bottom of the screen it states “we declare the invasion of the South Korean Internet network”.
There does not appear to be a connection between the institutions that suffered from this cyberattack, such as the Korea Association for Education, the Korea Research Institute for Construction Policy, and the Korean East-West Mind Science Association. What they would have in common is the vulnerability of their online sites, which do not have an encryption system that can protect them from cyber attacks.
According to the hackers, the affected sites number well over a dozen. Xiaoqiying claims to have compromised the computers of 79 South Korean educational institutions and stolen 54 gigabytes of data. In the message he left on the affected sites, the group warned of other imminent cyberattacks.
Some information about the hacker group can be found on his Telegram channel, where there are messages written in English and Chinese. There it is announced that South Korea will be used as a “training camp.” On the same channel, the group’s administrator said that the next target will be KISA itself.
The South Korean Agency has opened an investigation into the incident and for the moment has not officially confirmed if it really is Chinese hackers and especially if it is suspected that there are links to the Beijing government. On the first point, some clues have already appeared that would confirm the group’s Chinese origin.
On the real motive, however, there is still no hypothesis. A government official told the local press that the cyberattack that occurred during the holidays seems more like a demonstration of skill to penetrate South Korean computer networks. “The hackers knew where to get their hands on and it doesn’t seem like they were looking for financial gain,” he told The Korea Herald. South Korean police also opened a file on the attacks.