Data breach

Hackers stole information from South Korea's defense ministry systems

In January 2019, a cyberattack was reported by South Korea’s Defense Acquisition Program Administration (DAPA), the national defense agency in charge of procuring military arms such as next-generation fighter jets.

What happened?

In October 2018, South Korea's National Intelligence Service detected suspicious traffic on its intellectual property servers and reported it to the arms procurement agency. Around 30 DAPA computers were targeted by unidentified hackers, out of which 10 systems were compromised. Attackers managed to steal internal documents on acquisitions of various weapons systems.

The attack coincided with a cyberattack on the email account of Liberty Korea Party Representative Baek Seung-joo. It’s possible that hackers infiltrated the government's computers simultaneously. The arms procurement agency's internal investigation revealed that no confidential data was compromised in the attack. As cyberattacks on South Korean government facilities have continued, concerns are increasing regarding their cybersecurity capabilities.

Don't want to make the news for the wrong reasons? Download ManageEngine Log360, the tool that can help combat internal and external security attacks.

How ManageEngine can help

Log360, our comprehensive SIEM solution, can help your organization:

  • Identify cross-site scripting (XSS) attacks, malicious file installations, DoS attacks, SQL injection, and more with its real-time correlation capability. Alert security teams in real time about events that require their immediate attention, such as account lockouts, security group membership changes, unauthorized access attempts to files or folders, and network attacks.
  • Detect unauthorized network access attempts with its built-in STIX/TAXII feeds processor. The tool also has a global IP threat database that can instantly detect known malicious traffic passing through the network as well as outbound connections to malicious domains and callback servers. The global threat database contains over 600 million blacklisted IP addresses that are collected from trusted open sources and updated daily.
  • Find potential insider threats with the user behavior analytics engine, which creates a baseline of normal activities that are specific to each user and notifies security personnel instantly when there's a deviation from this norm. Rather than using static threshold values, the tool employs a combination of data analytics and machine learning to define dynamic thresholds based on real-world user behavior.
  • Obtain important forensic information about incidents. The collected logs can be securely archived to help prove adherence to compliance standards and reduce potential legal penalties during investigations.
  • Automatically raise incidents as tickets to the designated administrator in ServiceDesk Plus, JIRA, Zendesk, Kayako, or ServiceNow to create an incident resolution process that's swift and accountable.

Download a free trial version of Log360 to test these features out yourself.


2022 Zoho Corporation Pvt. Ltd. All rights reserved.