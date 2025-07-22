News 9

Hacker hits SGI's weak security

입력 2025.07.22 (02:02)

[Anchor]

The computer system failure at SGI Seoul Guarantee last week has been identified as a result of hackers launching indiscriminate attacks on the virtual private network.

The hackers used a simple method of continuously changing passwords to carry out their attack, and it has been revealed that Seoul Guarantee did not have measures in place to prevent such basic attacks.

Reporter Song Su-jin exclusively reports on the unpublished investigation results from the financial authorities.

[Report]

This is a bank website.

After entering the wrong password five times, the account is completely locked.

To unlock it, more information such as the account password must be entered.

This is a mechanism that prevents indiscriminate attacks from hackers who continuously try to enter IDs and passwords to breach the internal network of financial institutions, and it is installed in most financial institutions.

However, the investigation results from the financial authorities show that SGI Seoul Guarantee, which was breached by a hacker attack last week, did not have this most basic security measure properly in place.

The hackers specifically targeted the SSL VPN, which is necessary for remote access to the internal network from outside the company.

The hackers continuously changed and entered IDs and passwords until they were able to access the internal network.

Although this is an unusual access attempt that is generally hard to detect, the company was unable to detect it due to the lack of security measures, and ultimately, the server was paralyzed by the hacking, halting all guarantee operations.

[Jang Sang-geun/Head of IT Security Company Research Institute: "Typically, companies inadequately respond by thinking, 'Oh, we don't provide services externally, so security incidents won't occur here.' And it's those places that become targets of attacks."]

A senior official from the Financial Supervisory Service stated, "We have requested the VPN equipment manufacturers to improve their systems to prevent indiscriminate attacks from hackers, and this was completed today (July 21)."

The Financial Supervisory Service has also instructed financial institutions using the same security equipment to conduct emergency inspections and prepare security measures.

This is KBS News, Song Su-jin.

