Leaked documents from iSoon, a Chinese state-affiliated hacking group, have unveiled China’s extensive cyber intrusions targeting foreign entities, including South Korea. These revelations highlight the growing risks of data security breaches and cyber espionage by Chinese hacking groups, which pose significant threats to the South Korean government and corporations.

The leaked files, which include images, chat logs and a 3-terabyte collection of call logs from South Korea’s LG Uplus telecom provider, provide unprecedented insight into China’s national security data-gathering industry.

The documents spotlight the increasing sophistication and organization of state-sponsored cyber attacks, ranging from data theft and financial asset compromise to manipulating online platforms for political gains.

In response to the growing threat landscape, governments and corporations worldwide are investing significant resources to fortify their cybersecurity defenses. The U.S. has taken a proactive stance, with President Joe Biden enacting legislation in April that requires ByteDance, the Chinese parent company of TikTok, to divest its subsidiary within 270 days or face a ban from the U.S. market.

South Korea’s vulnerabilities in the cybersecurity domain emphasize its susceptibility to ongoing and future malicious cyber assaults and data security risks.

The AliExpress App as seen on a smartphone | Image: CardMapr.nl via Unsplash

SURGING CHINESE APPS

Chinese e-commerce mobile applications have witnessed a notable surge in popularity within South Korea over the past year.

According to WiseApp and Mobile Index analytics, South Korean Temu users surged from 5.8 million in February to 8.3 million in March alone. Since its launch last year, Temu’s user base in South Korea has skyrocketed elevenfold within just nine months.

The sudden popularity of Chinese e-commerce giants has raised significant concerns regarding data security risks.

South Korea’s Fair Trade Commission is examining consumer protection measures, reflecting growing apprehensions. Concurrently, the Korea Internet Corporations Association and other business interest groups have emphasized the need to enhance institutional consumer protection frameworks.

“As apps like TikTok and Temu expand their user base domestically, the potential for data leakage and cyber surveillance through these apps also rises, Yoo Do-jin, a professor of hacking and cyber security at Far East University, told Korea Pro. “This makes concerns about the risk of data leakage due to the increasing use of Chinese apps very valid,” he added.

Moreover, a Chinese hacking group’s infiltration of LG Uplus has exposed numerous cybersecurity vulnerabilities that need to be addressed.

LG Uplus, the only South Korean company on the list of hacking victims, was also the sole company that chose to rely on Huawei, a Chinese digital communications technology corporation, despite the U.S. Department of Defense’s 2019 protest against the deployment of Huawei and ZTE equipment near U.S. military installations in South Korea.

Although LG Uplus has refuted any association between Huawei and the data breach perpetrated by the hacking group, the incident highlights the potential security risks associated with relying on Chinese technology providers.

Approximately 79% of Advanced Persistent Threat (APT) groups are believed to be Chinese state-sponsored teams, according to Yoo. These groups consistently engage in cyber espionage targeting multinational corporations and government entities, employing tactics like spear phishing and custom backdoors.

The collection of user data through Chinese applications presents an additional avenue for these hacking groups.

“APT1 uses phishing emails and backdoors to gather intelligence, exploiting the vulnerability of user data stored on Chinese app servers, while APT10 targets Managed Service Providers, indicating the potential for data obtained through Chinese apps to be used across multiple industries,” Yoo said.

“Given the cyber attack capabilities of Chinese APT groups and their history of international cyber espionage activities, security issues arising from these apps must be addressed seriously,” he added.

South Korean President Yoon Suk-yeol attends the Dialogue with Young White Hackers event, Oct. 12, 2023 | Image: ROK Presidential Office

CHINA’S CYBER OBJECTIVES

Distinguishing between the actions of private hackers and the Chinese Communist Party (CCP) remains a challenge, as the line between them is often blurred, according to Bruce Dickison, a professor of political science and international affairs at George Washington University.

While recent attacks in various countries, including Palau, may have been orchestrated by private hackers motivated by financial motives, the Chinese government’s involvement cannot be ruled out.

“It is not always clear what they are looking for or what they do with the data once they have it. But it has been a long-term and sustained effort toward the U.S. and other countries,” Dickinson told Korea Pro.

Additionally, the increasing popularity of Chinese social media platforms, such as TikTok, complicates the issue. Although ByteDance claims it hasn’t disclosed TikTok’s user data to the Chinese government, experts speculate that such potential exists if Beijing requests it.

Notably, ByteDance has reportedly instructed TikTok employees to transmit substantial amounts of U.S. user data, contradicting TikTok’s assurances of data privacy.

This situation gives rise to potential scenarios, such as the manipulation of TikTok’s algorithm to disseminate disinformation or the amalgamation of user data with other sources to gain deeper insights into users.

Further, the CCP’s legislation, which requires Chinese companies to furnish information upon government request, adds another layer of concern to the issue.

Under Xi Jinping’s leadership, China’s cyber-related policies have become increasingly aggressive, aligning with Xi’s efforts to consolidate power for internal control and serve China’s interests abroad. This shift also reflects the growing significance of cybersecurity in U.S.-China relations and other diplomatic agendas.

“These actions by Chinese hackers appear to be a response to recent events in South Korea, such as the exposure of alleged secret Chinese police stations operating in South Korea under the guise of restaurants and the strengthening U.S.-ROK alliance,” Song Tae-Eun, an assistant professor at the Institute of Foreign Affairs and National Security, told Korea Pro.

“It is highly anticipated that such activities will increase in the future,” she said.

Defense ministers Kihara Minoru (left), Lloyd Austin and Shin Won-sik meet on the sidelines of the Shangri-La Dialogue security conference in Singapore to strengthen and institutionalize trilateral security cooperation, June 2, 2024 | Image: ROK Ministry of National Defense via Facebook

SOUTH KOREA’S RESPONSE

South Korea has been developing a cybersecurity framework and response protocols to combat foreign cyber threats, spearheaded by its National Intelligence Service and the military’s Cyber Operations Command.

The Yoon Suk-yeol administration recently announced the establishment of the National Cybersecurity Strategy, which focuses on proactive cyber defense and response to foreign threats, as part of this initiative.

In the private sector, the Personal Information Protection Commission and the Korea Internet and Security Agency provide legal regulations and technical support to enhance data protection and assist companies in responding appropriately to data breaches.

South Korea also has the U.S. as a valuable partner, given the high number of Chinese hacking attempts in both countries. Despite this, bilateral cooperation in both public and private sectors remains limited.

“South Korea needs to strengthen its cybersecurity cooperation with the U.S. It should also actively collaborate with U.S. IT companies like Amazon and Microsoft. Currently, the country is quite passive in cooperating with them,” Song said.

Additionally, legislative measures to prevent data breaches, which are proactively implemented in the U.S. and other countries, are largely absent in South Korea.

For instance, India imposed a nationwide ban on TikTok and numerous other Chinese apps, such as WeChat, due to privacy and security concerns. Similarly, the United Kingdom, Norway, New Zealand and several other European countries have banned TikTok on lawmakers’ work devices.

It remains to be seen whether South Korea will engage in similar debates.

“The South Korean government must closely monitor the risks associated with the increasing use of Chinese apps and strengthen necessary legal and technical countermeasures,” Yoo of Far East University said. 

“Furthermore, it is crucial to educate users about the importance of data protection and enhance transparency regarding how data is collected and used.”

Edited by John Lee