1,000GB of personal information leaked from North Korean hacker group ”Lazarus” court network = South Korea

It has been confirmed that the North Korean hacker group "Lazarus" has infiltrated the computer network of a South Korean court and stolen over 1,000 GB of personal information and other documents.
It has been pointed out that the court did not inform investigative authorities for nine months after it became aware of the case, hindering efforts to determine its cause.
On the 11th, the Korean National Police Agency announced that "Court computer network hacking and data leaking
As a result of a joint investigation by the police, the National Intelligence Service, and the Prosecutor's Office into the "Case," 1,014 GB of court documents were transferred to the court computer from before January 7, 2021 to February 9, 2023.
The police confirmed that 5,171 files (4.7 GB) related to the Kaisei case were taken out of the court's computer network.
The police provided information on the 5,171 leaked files to the court on the 8th of this month. Prior to this, the Judicial Administration Office posted on its website on March 4th of this year, "Attacks suspected to be from North Korea.
"It has been confirmed that the subject used sophisticated hacking techniques to infiltrate the computer network of the Ministry of Justice and is highly likely to have leaked internal court data and documents to the outside," the statement said.
We would like to apologize for the concern and inconvenience caused." The Court Administrative Office first became aware of the hacking attempt in February of last year, but did not disclose it to the public.
Police clarified their position after the fact was reported in the media in November of the same year. The police said that the hacker group had been infiltrating the court's computer network since at least January 7, 2021.
However, detailed records of the security equipment had already been deleted at the time, making it impossible to determine when and why the initial intrusion occurred.
A police source said, "The court did not report this fact to the investigative agency before, and the investigative agency only reported it in November last year.
"We launched an investigation after seeing the reports," he said. "After becoming aware of the case, we confirmed that the court conducted its own investigation and took follow-up measures."
As a result of the investigation, it was found that the malicious program had been installed on four Korean servers for two years before it was discovered.
A total of 1,014 GB of data was transferred to all four overseas servers. Police traced this back and identified some of the leaked data.
The 5,171 leaked documents related to personal recovery include handwritten statements containing personal information, statements of increased debt,
・The documents included a statement of reasons for non-payment, a marriage certificate, and a medical certificate. Based on the malicious programs used, the details of server payments (virtual assets), and IP addresses, the police are investigating the North Korean hacker group.
A police official said, "We are urging people to change everything from their passwords to their account numbers to prevent secondary damage," and "We will continue to cooperate closely with related agencies both at home and abroad."
"We plan to proactively respond to cyberterrorism incidents that threaten national security by tracking the virtual assets that fund hacker groups' activities," he said.