Seoul [South Korea], October 19 : The interior ministry of South Korea said on Friday that it has strengthened security measures for online systems of the government, after detecting signs of hacking of the government's administration platform, Yonhap news agency reported.
According to Yonhap, the move comes after Phrack, an online cybersecurity publication, reported that in August this year, the South Korean government branches and companies appeared to have been targeted by hackers.
Phrack had earlier reported that the North Korean hacking group Kimsuky was behind the attack.
As per the report by Yonhap, signs of hacking were reportedly detected in the interior and foreign ministries, the military, the prosecution, as well as major companies, including Kakao Corp., Naver Corp., KT Corp. and LG Uplus Corp.
"In mid-July, (we) confirmed signs through the National Intelligence Service (NIS) that an external internet PC accessed the Onnara system via the Government-Virtual Private Network (G-VPN)," the ministry said as reported by Yonhap.
It further noted that the Onnara system is the government's online work platform, which manages official documents and handles internal workflow.
As per Yonhap, the ministry said it strengthened security measures in response by requiring officials to go through extra authentication procedures when connecting to G-VPN for remote work.
It further noted that the ministry said government public key infrastructure (GPKI) certificates of 650 officials were also presumed to have been targeted. GPKI certificates are used by public officials for authentication.
While most of the certificates had been expired, the three that remained valid were scrapped as of August 13.
As per Yonhap, the ministry said it plans to replace the GPKI-based authentication system with a biometric system when public officials access the government's internal administrative system.
Yonhap said that officials suspected of the certificate information getting leaked due to user carelessness.