SEOUL, South Korea >> Hackers believed to be from China stole secret South Korean documents on defense and foreign affairs by using e-mails pretending to be from Seoul officials, a news report said Friday.
The suspected hacking occurred when South Korean officials handling foreign and security affairs opened attachment files that contained titles referring to items such as the schedule of North Korean leader Kim Jong Il’s trip to China, the JoongAng Ilbo newspaper said, citing a ruling party lawmaker.
Kim visited China twice this year.
The e-mails, made to appear as if from a South Korean presidential official and a South Korean diplomat, contained hacking programs that can be activated when the e-mails are opened, the newspaper said.
The lawmaker, Lee Jung-hyun of the Grand National Party, obtained two allegedly hacked South Korean defense reports from Chinese hackers, according to the report. Lee provided no other details, it said.
Lee could not be reached for comment. Repeated calls to an aide seeking confirmation also went unanswered.
The report did not say when the alleged hacking occurred.
Earlier this year, South Korea’s top spy agency warned the government about e-mails disguised as having been sent by government officials, said the newspaper. The National Intelligence Service confirmed it issued the warning in a report sent to the government, but declined to give further details.
The e-mails had addresses using South Korea’s two main portal sites, Naver and Daum, though a Defense Ministry investigation into their IP address — the Web equivalent of a street address or phone number — traced them to China, said the newspaper.
The Defense Ministry said it could not immediately comment on the report.
The JoongAng Ilbo report came months after a government-run website in South Korea was hit by a massive number of access attempts traced to China.
In June, access to one of the sites run by the Ministry of Public Administration and Security slowed for several hours because about 120 sites based in China tried to connect to it simultaneously to overwhelm its server, according to the ministry.
Last year, government websites in South Korea and the U.S. were paralyzed due to a similar type of cyberattack that South Korean officials believed was conducted by North Korea. But U.S. officials have largely ruled out North Korea as the origin, according to cybersecurity experts. Experts say there is no conclusive evidence that North Korea, or any other nation, orchestrated it.
South Korean media have reported that North Korea runs an Internet warfare unit aimed at hacking into U.S. and South Korean military networks to gather information and disrupt service.
The two Koreas are still technically at war because their conflict that started in 1950 ended in 1953 with an armistice, not a peace treaty.