Screenshot of the Korean East-West Mind Science Association website, attacked by a Chinese hacking group [SCREEN CAPTURE]
A Chinese hacker group, referred to as Dawn Cavalry, conducted a cyberattack against the websites of numerous research and educational institutions in South Korea during the Lunar New Year celebrations. The group declared that the Korea Internet and Security Agency (KISA) is its next target. The South Korean government has only reported that 12 agencies have been affected by the invasion, but there are more than that. As of Wednesday afternoon, many of the websites that were breached last week by hackers claiming to represent the “KISA” organization were still not accessible, displaying a logo and name of the hacker group in Chinese characters and English along with a statement that reads, “We Declare an Invasion of the South Korean Internet.” However, a few of the websites have since recovered and are now functioning as normal. KISA has not been able to confirm whether the hackers are Chinese nationals or whether they are supported by the government.
Dawn Cavalry is a hacker group that has attacked a number of South Korean educational establishments. The group has also threatened to attack more if the government does not change its policies. The hackers gained access to their web servers, replaced the hosted websites with their own messages in Korean, and proclaimed that they would continue to target networks within South Korea. The website featured comments written in simplified Chinese, which is primarily used in mainland China. The same code could be found in Chinese developer blogs and instructions for creating a Matrix-like background. The name of the collective appears to be derived from a Chinese military contingent of olden times. Only the manager of the Dawn Cavalry channel has authorisation to post, with its followers being allowed to only leave comments.
South Korea’s popularity as a broadcasting destination for live-streamers has resulted in the country becoming a target of KISA, a hacking collective. KISA has vowed to leak the data of South Korean citizens for a long duration, and an inquiry into the cyberattack is currently in progress.
It is reported that the KISA is having difficulty determining the identity of the hackers, their motives for targeting South Korea, and other relevant information due to the cyberattack that occurred during a holiday period. Many of the questions remain unanswered.