The Korea Herald


S. Korean court network hit by malware infection

By Lee Jung-joo

Published : Dec. 1, 2023 - 17:00

    • Link copied

Supreme Court of Korea (Getty Images Bank) Supreme Court of Korea (Getty Images Bank)

South Korea's Supreme Court belatedly revealed that it had confirmed the infection of computers used in courts with malware earlier this year. However, the court said it could not conclusively determine the connection of cyberattacks to North Korea.

"Earlier this year, a malware infection was detected during a routine cybersecurity scan," the Office of Court Administration of the Supreme Court said in a statement issued Thursday. "During our response to the malware detection, we identified that malicious data was emanating from a virtual PC."

By default, the Supreme Court’s computers can only access the internal network for security reasons and only a few virtual PCs can access external networks after going through a special process.

The Office of Court Administration also said it was unable to confirm the leakage of legal documents and others.

The Office explained that the compromised server was responsible for temporarily storing case documents before deletion, making it challenging to ascertain what, when, how and the extent to which the data was leaked.

Court servers store substantial amounts of data, encompassing not only documents authored by the court, but also written accusations, pleadings, written defenses and preparatory documents submitted by the involved parties to a court trial.

If such materials are leaked, it poses a potential compromise to court trials.

Some suspicions were raised regarding the involvement of Lazarus Group, North Korea's state-sponsored hacking group, in infiltrating the court network to steal data. However, the court denied these speculations, elucidating that the malware attack "cannot conclusively be attributed to Lazarus."

The Office of Court Administration affirmed that essential measures were taken to eliminate the malware, and there have been no subsequent malware infections or detected hacks since then.