A global hacking group is threatening to conduct cyberattacks on local banks and securities companies, putting the local finance industry on high alert.
According to bank officials, a group of hackers calling themselves Armada Collective sent messages to seven banks, some brokerages and the country's bourse operator Korea Exchange between June 20 and 23. The seven lenders are Shinhan, Kookmin, Woori, KEB Hana, Nonghyup, IBK, and KDB.
The hackers demanded they send between 10 and 15 Bitcoins ($24,000 to $36,000) to prevent a distributed denial-of-service (DDoS) attack. Bitcoin is a virtual currency, traded at around 3.3 million won each.
In DDoS attacks, attackers overwhelm the target website with data requests, paralyzing its internet server and blocking legitimate users from accessing the site.
The website of Lotte Duty Free, which was a target for China's economic retaliation over Korea's decision to deploy a U.S. missile defense system against North Korean threats, was paralyzed due to DDoS attacks by Chinese hackers.
The hacker group already carried out a small attack Monday on the Korea Financial Telecommunications & Clearings Institute (KFTC), Suhyup Bank, DGB Daegu Bank and JB Bank. The KFTC got a message from the hackers at 9:50 a.m. They threatened to stage a massive DDoS attack unless it paid a Bitcoin ransom by July 3.
A small DDoS attack immediately followed at 9:52 a.m., lasting for about 16 minutes.
According to the KFTC, its two centers at Yeoksam in Seoul and Bundang in Gyeonggi Province faced attacks, which didn't cause much problem. Other banks also continued providing banking services as usual since the attack was not severe.
However, the hackers could still initiate a larger attack today, which they designated as D-day in messages sent to financial companies.
Analysts say the hackers may have attacked the KFTC and small regional banks Monday as a test, since their systems are relatively vulnerable compared to those of large banks.
The hackers group claims it is capable of launching larger-scale attacks.
The Financial Supervisory Service sent official letters to local financial companies requesting them "not to accept the unjust demands of the hacking group."
"The infrastructure for e-finance services should be protected from invasions such as DDoS," it stressed, requesting the businesses to do their best to protect their systems and abide by security standards in the e-finance regulations.
The regulator said it is showing its determination not to succumb to the hackers, and the financial companies should not establish bad precedents by "negotiating" with them.
"With the expansion of fintech, cyber risks are increasing with hackers attacking the financial sector. We need to take measures to fend them off," Financial Supervisory Service Governor Zhin Woong-seob said in a meeting with bank CEOs Monday. Fintech refers to the convergence of financial services and technology.
Local web hosting company Internet Nayana meanwhile recently paid 1.3 billion won worth of Bitcoins to hackers after a ransomware attack paralyzed its servers and affected its client websites, despite criticism that it set a bad precedent that may prompt global criminals to target Korea.
The Financial Security Institute is monitoring 187 financial companies for protection. Local banks are also operating emergency task force teams to fend off a possible attack, strengthening monitoring.