It has been confirmed that a Chinese hacking group hacked the homepages of 12 domestic academic institutions.

The government has entered an emergency response to prevent further damage.


why is it important

On the 22nd, the Korea Construction Policy Institute website was attacked by a Chinese hacking group, causing contact failure.

According to the Korea Internet & Security Agency KISA, hacking damage continued to other organizations after that.



So far, the websites where hacking has been confirmed are the Korean Society of Language and Culture, the Korean Archaeological Society, the Korean Association of Parents, the Korea National University of Education Research Institute for Early Childhood Education, the Korean Society of Basic Medicine, the Korean Social Studies Association, the Korean Society of East-West Psychiatry, the Korean Society for Cleft Lip and Palate, and the Korea Visual Disability Association. There are a total of 12 such as the Educational Rehabilitation Society, Jeju National University Education Science Research Institute, and the Korean Society for Educational Principles.



Most of the homepages of the victim organizations are displaying the message 'Unable to connect to the site' until the morning of today (25th).

The hacking group that is presumed to have hacked these institutions has also announced an attack on KISA, but fortunately, there are no unusual features confirmed on the homepage.


to explain a bit more


The hacking was carried out by a hacking group called 'Xiao Qi-ying'.

'Xiaoqiying' was transmitted as the name of a military organization during the Qin Dynasty in China, and it is suspected of being a Chinese hacking group based on the information confirmed so far, such as communicating in Chinese characters.

Those who started their activities at the end of last year actively recruited members after hacking a coal mine platform in Sichuan Province on the 28th of last month.



Then, on the 7th, it publicly announced that it would carry out a long-term data leak operation targeting South Korea.

These organizations, known for their 'anti-Korean' propensity, actually started attacking Korea on the 20th and posted boasting that they had hacked data.




He claimed to have hacked 70 education-related sites in Korea around the Lunar New Year holidays.

In addition, a notice has been posted that they will disclose 54GB of stolen data from domestic public institution sites.



But our government's judgment is different.

They said that during the Lunar New Year holiday, they intensively attacked only sites with relatively weak security.

In other words, most of the sites they attacked, such as academic conferences, were small non-profit corporations, and the security level was managed at that low level.



Nevertheless, the authorities believe that there is a purpose to attract attention and create tension by deliberately exaggerating goals such as inflating the number of hacked sites and attacking KISA.

According to the security authorities, they claim that they have stolen all the authority of the hacked homepage, but it has been found that there is no 'real risk' such as having the authority stolen other than web tampering such as the main screen being changed.



The security authorities are keeping an eye on their movements and are closely monitoring them.

In preparation for the possibility of additional hacking, 26,000 corporate information security chief officers (CISOs) and 2,200 companies participating in the Cyber ​​Threat Information Sharing System (C-TAS) are strengthening account security and conducting emergency response, such as activating emergency reporting channels. went out


one more step


This is because there is an analysis that can fully anticipate additional attacks in the background where the authorities are nervous.

There is an analysis that the Chinese hacking group 'Xiao Qi-ying', which launched this attack, is actually 'Teng Snake', which has been carrying out numerous hacking attacks since 2021, rather than a simple new hacking organization.




**If the 'Go to View' button is not pressed, you can view the address by moving it to the address bar.