Some 100 IoT devices found to be malware infected in Korea

2022.01.20 14:51:38 | 2022.01.20 14:52:25

이미지 확대
Some 100 closed circuit TV and digital video systems connected to an IoT network in Korea were found to have been used as hacking tools, raising alarm about potential exploitation and damage amid IoT proliferation in the manufacturing, healthcare, and energy sectors.

Seoul’s National Intelligence Service (NIS) on Wednesday announced some 11,700 IoT devices (100 in Korea, 11,600 elsewhere) were infected by Mozi botnet, leading to hacking or unauthorized access to public organizations.

Some infected devices were used as a transit point for distributing malware for cryptocurrency mining. Those devices include routers, CCTVs, video recorders, and PC-embedded signages. The NIS discovered the botnet infection after on-site investigations upon receiving information from Russia’s emergency response team in December of last year that there was a hacking attempt via a Korean IP address.

First spotted late 2019, the peer-to-peer botnet quickly grew to more than 50,000 infected devices, according to security company Piolink last September.

Although there has been no apparent hacking damage caused by Mozi botnet in Korea yet, vigilance should be raised versus the danger of DDoS attack that can disrupt the normal traffic of targeted servers or networks, according to the NIS.

The NIS said only 100 plus IoT devices were infected in Korea, but experts warned that it is likely to have spread more than currently known because botnet attacks other connected devices.

The NIS said that the IoT devices are vulnerable when a default password is left unchanged or they are not security patched, calling for a new password that cannot be easily guessed by a third party.

By Kim Sung-hoon, Na Hyun-joon and Minu Kim

[ⓒ Pulse by Maeil Business Newspaper & mk.co.kr, All rights reserved]