The Seoul Metro Corporation, the company that operates subway lines no. 1 to 4, was the victim of a hacking attack last year. The attack installed malicious software and leaked files from three office computers.
The National Intelligence Service analyzed login data from March to August of last year. It found that during these 5 months, 58 PCs had the same malicious software installed, and the hacking software was connected to 213 other PCs in the administration network of the Seoul Metro. In total, 12 files were leaked. The Seoul subway hacking went on for at least 5 months; data from before March 2014 still has to be analyzed.
The hacking was an ‘advanced persistent threat’ that used code and methods similar to those of the bank and broadcast channel hacking in March 2013. The National Intelligence Service assumes that North Korea is behind the attack.
According to the authorities, subway users don’t have to worry about their safety. The hacking affected administrative computers. The subway service is operated on a separate network with other PCs. The PCs in the offices aren’t connected to the subway operation network. The leaked files don’t contain any important information.
To improve safety, the Seoul Metro Corporation plans to disconnect the office computers from the Internet and implement a couple of other measures. All 4,240 computers are going to be formatted and an improved security system will be introduced.
The Seoul Metro Corporation records a large number of cyber attack attempts: 184,578 attacks in 2013, 370,713 cases in 2014 and, until September 2015, a total of 350,188 attacks.
Source: Yonhap News