Crypto Mining Malware Found on Government Servers in Daejeon, South Korea
In a startling revelation, an audit of the South Korean city of Daejeon’s government servers discovered two servers infected with crypto mining malware. The city’s information system, which is routinely audited biannually by the Ministry of Public Administration and Security, was compromised by malicious code purposed for cryptocurrency mining.
The Breach and the Response
Of the two compromised servers, one was utilized as a hacking transit point, escalating the gravity of the situation. The city’s cyber response team detected these abnormal activities within eight days, promptly quarantining the network and reporting the incident to the National Intelligence Service (NIS). The rapid response was impressive, yet the auditors pointed out the absence of additional security measures that could have potentially thwarted the breach.
A Lack of Necessary Precautions
The audit underscored a disconcerting reality: many of the city’s servers had not undergone the necessary annual diagnostic checks. This failure highlighted the laxity in maintaining robust security protocols, thereby leaving the city’s information system susceptible to cyberattacks. It was a stark reminder of the critical importance of implementing and maintaining rigorous cybersecurity measures to protect sensitive government data and infrastructure.
Government’s Stand and Future Actions
Following the audit, the Ministry of Public Administration and Security has instructed the Daejeon Mayoral Office to enhance security practices. The objective is to prevent similar incidents in the future and to fortify the city’s digital infrastructure against potential threats. This incident serves as an echo of a previous case in 2021, where a government employee in Seoul misused city energy to mine Ethereum beneath a prestigious opera house, raising significant concerns over the misuse of public resources for personal gain in cryptocurrency mining endeavors.