The Korea Times

CJ OliveNetworks’ digital signature compromised in apparent cyberattack

An image posted by RedDrip Team on X shows work plans allowing access to the internal system of the Korea Institute of Machinery and Materials, which is believed to have been used in a cyberattack. Captured from @RedDrip7


A digital certificate of CJ OliveNetworks, an IT infrastructure unit of CJ Group, was compromised in a suspected cyberattack, according to industry officials and the company on Wednesday.

The company said it reported the breach to the Korea Internet & Security Agency (KISA) after confirming that one of its digital certificates had been compromised.

An official at the company said the compromised certificate is a digital signature and was immediately deleted on Wednesday morning. Since it was used for developing software and did not contain any personal information, the company reported this case only to KISA, not the country’s Personal Information Protection Commission.

According to industry officials, the leaked certificate was used to prove that a program came from CJ OliveNetworks and was safe to run. It was attached to executable files to mark the software as trustworthy for users.

Though the company said it is still investigating the incident, the breach is suspected to be a cyberattack led by Kimsuky, a North Korean state-backed hacker group.

A day earlier, RedDrip Team, a Chinese cybersecurity firm, posted on X that a malware dropper digitally signed by “CJ OliveNetworks Co., Ltd” was used to deliver a malicious file, indicating that Kimsuky attempted an infiltration into the state-run Korea Institute of Machinery and Materials via CJ OliveNetworks’ subcontractor named Plan I.

“We are still investigating the exact cause,” the official said. “After recognizing the breach, we began a fact-finding process and are working to identify the cause and prepare countermeasures.”

CJ OliveNetworks is the IT service provider for CJ affiliates, including CJ Logistics and CJ ENM. The company also offers solutions such as smart factory systems and logistics automation to manufacturing clients both in Korea and abroad.

The breach came amid nationwide turmoil over a customer data breach at SK Telecom, Korea’s largest mobile carrier.