During the Lunar New Year holiday, the Chinese hacking group ‘Xiaoqing’ announced a large-scale cyberattack targeting Korean public institutions.
On the 21st, the Chinese hacking group ‘Xiao Qing’ hacked the websites of 12 Korean research institutes and academic institutions and distributed the personal information of Korean citizens on GitHub, an open-source code-hosting community.
It has been confirmed that the disclosed information includes a significant portion of email addresses belonging to Korean government ministries and public institutions as well as general private companies such as LG Electronics, POSCO, and Kumho Tire. In total, personal information of 161 individuals was leaked, creating a severe security concern.
The group responsible for this attack, ‘Xiaoqing,’ is known as the successor to the notorious ‘Teng Snake.’ They have announced plans for further attacks targeting 30 Korean media companies, including KISA (Korea Internet & Security Agency), as well as public and government networks.
This incident underscores the growing importance of robust security management for domestic institutions and companies in Korea.
《‘Xiao Qiying’s hacking method: ‘SQL Injection’》
‘SQL Injection’ is a long-standing and common attack method used by hackers to steal information.
‘SQL Injection’ refers to inserting a manipulated SQL (Structured Query Language, the language used to define and manipulate a database) query into a web server in order to access, leak, or manipulate data within the database. Because the attacker's input is interpreted as part of the query itself, this technique allows attackers to view and extract sensitive information by manipulating specific data tables or repeatedly submitting the SQL commands they want executed.
For example, by inserting SQL commands, attackers can retrieve personal information such as IDs, dates of birth, and email addresses, even when the website is designed only to search for IDs or article titles.
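The following added example (not code from the original post) illustrates the title-search scenario described above. It uses an in-memory SQLite table of constructed sample data and contrasts a query built by string concatenation with a parameterized query: the first one runs whatever SQL the user's text happens to form (and even breaks on a benign title containing an apostrophe), while the second treats the input strictly as a value.

```python
import sqlite3

def make_db():
    # Constructed sample data: the search page is meant to expose only titles.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER, title TEXT, author_email TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?, ?)", [
        (1, "Security notice", "alice@example.org"),
        (2, "Holiday schedule", "bob@example.org"),
        (3, "Year's end", "carol@example.org"),
    ])
    return conn

def search_vulnerable(conn, user_input):
    # String concatenation: the user's text becomes part of the SQL statement.
    # A tautology such as  ' OR '1'='1  turns the WHERE clause into "always true",
    # and a plain apostrophe in a legitimate title produces a syntax error.
    sql = "SELECT title FROM articles WHERE title = '" + user_input + "'"
    return [row[0] for row in conn.execute(sql)]

def search_safe(conn, user_input):
    # Parameterized query: the driver binds the text as a value, never as SQL,
    # so the same inputs match only a title that is literally equal to them.
    sql = "SELECT title FROM articles WHERE title = ?"
    return [row[0] for row in conn.execute(sql, (user_input,))]

if __name__ == "__main__":
    db = make_db()
    for text in ("Security notice", "' OR '1'='1", "Year's end"):
        try:
            print("vulnerable:", repr(text), "->", search_vulnerable(db, text))
        except sqlite3.OperationalError as err:
            print("vulnerable:", repr(text), "-> SQL error:", err)
        print("safe:      ", repr(text), "->", search_safe(db, text))
```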
《KISA Security Guide for Private Companies》
In response to the cyberattack warning from the hacking group 'Xiao Qing,' the Korea Internet & Security Agency (KISA) has issued the following recommendations to enhance security in the private sector:
(For Users: Strengthening Login Security)
① Regularly check the history of unauthorized access to websites with a login function, block abnormal IPs, and share them with relevant organizations.
② Enhance the blocking of fraudulent login attempts by setting a threshold for the number of login attempts per IP and using captchas to prevent automated login attempts.
③ Improve user account security by changing passwords and using two-factor authentication.
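As an added illustration of items ① and ② (not part of the KISA guidance or the original post), the script below runs a simple check over constructed web-server login log lines: it counts failed logins per client IP, lists the IPs that reach a configurable threshold as candidates for blocking, and flags successful logins that occur from an IP after it has already exceeded that threshold, which is the kind of unauthorized-access history item ① asks operators to review. The log format is an assumption made for the example.

```python
import re
from collections import Counter

# Constructed sample log lines (assumed format: timestamp, client IP, outcome, account).
SAMPLE_LOG = """\
2024-02-21T03:14:01Z 203.0.113.7 login_failed user=kim
2024-02-21T03:14:03Z 203.0.113.7 login_failed user=lee
2024-02-21T03:14:05Z 198.51.100.20 login_failed user=han
2024-02-21T03:14:06Z 203.0.113.7 login_failed user=park
2024-02-21T03:14:08Z 203.0.113.7 login_failed user=choi
2024-02-21T03:14:10Z 198.51.100.20 login_ok user=han
2024-02-21T03:14:12Z 203.0.113.7 login_failed user=jung
2024-02-21T03:14:20Z 203.0.113.7 login_ok user=park
2024-02-21T03:15:00Z 192.0.2.9 login_ok user=yoon
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (login_failed|login_ok) user=(\S+)$")

def parse_log(text):
    """Return (timestamp, ip, outcome, user) tuples in log order; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groups())
    return events

def failed_logins_per_ip(events):
    counts = Counter()
    for _, ip, outcome, _ in events:
        if outcome == "login_failed":
            counts[ip] += 1
    return counts

def abnormal_ips(events, threshold=5):
    """IPs whose failed-login count reached the per-IP threshold (item ②)."""
    return sorted(ip for ip, n in failed_logins_per_ip(events).items() if n >= threshold)

def suspicious_successes(events, threshold=5):
    """Successful logins from an IP that had already hit the threshold (item ① review)."""
    failures, hits = Counter(), []
    for ts, ip, outcome, user in events:
        if outcome == "login_failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            hits.append((ts, ip, user))
    return hits

if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print("block candidates:", abnormal_ips(ev))
    print("review these logins:", suspicious_successes(ev))
```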
(For Organizations: Strengthening User Prevention)
④ Strengthen account security management for company subscribers:
- Do not reuse the same account information across sites.
- Set a complex password and change it periodically (every 3 months).
- Set up two-factor authentication (OTP, SMS, etc.) in addition to the standard ID and password.
- If account information is exposed, change the passwords on all sites that use the same account information.
⑤ Implement enhanced alert functions, such as SMS notifications, when important user information is changed (e.g., communication fee charges).
⑥ Request security enhancements from related service maintenance and consignment companies.
In accordance with KISA's security guidelines, MONITORAPP will introduce security solutions designed to effectively respond to various threats, including cyberattacks and hacking.
《Web Application Firewall (AIONCLOUD – Website Protection) and Threat Intelligence Platform – AILabs》
MONITORAPP’s AIONCLOUD is a cloud service that provides all network security stacks to corporate customers on a subscription basis based on SASE (Secure Access Service Edge).
AIONCLOUD is primarily divided into two main categories: 'Website Protection', which safeguards web servers, and 'Secure Internet Access', which protects clients. The 'Website Protection' suite includes a web application firewall (WAF) that shields web servers from various threats and identifies abnormal traffic such as SQL injection, XSS, HTTP DoS, and malicious bots.
Recently, an API Protection function was added to further enhance security.
In particular, threat IP (malicious IP) intelligence can be applied to the WAF to block abnormal IPs and fraudulent logins, preventing damage from these threats.
MONITORAPP’s AIONCLOUD-WAF offers enhanced security by integrating in real-time with AILabs, our threat intelligence platform.
The AICC (Application Insight Cloud Center) collects, processes, and analyzes unstructured data from MONITORAPP solutions deployed in 16 countries around the world, applying security expertise (correlation technology, adaptive profiling) and artificial intelligence (AI) to extract the information needed. This allows us to respond proactively to new and evolving attacks.
Given the recent cyberattacks by a Chinese hacker group, it is evident that cyber threats originating from China are becoming increasingly organized, sophisticated, and indiscriminate.
In response, MONITORAPP ensures quick and thorough preparation for all security solutions linked to AICC. Safeguard your company's valuable data with MONITORAPP’s security solutions!