CJ OliveNetworks’ digital certificate leaked in suspected N. Korean cyberattack

May 7, 2025

A digital certificate belonging to CJ OliveNetworks Co., the IT service arm of South Korea’s CJ Group, was leaked and exploited in a suspected North Korean cyberattack, cybersecurity sources said Wednesday.

According to the sources, a malicious file linked to North Korea discovered late last month was found to contain a digital certificate issued by CJ OliveNetworks.

Digital certificates are used to verify that a particular piece of software originates from a legitimate company and has not been tampered with. The discovery suggests the company’s certificate may have been stolen and abused by North Korean hackers.

According to the sources, the group behind the attack is believed to be Kimsuky, a well-known North Korean hacking unit.

RedDrip Team, a Chinese cybersecurity firm, reported that Kimsuky had attempted to use the stolen CJ OliveNetworks digital certificate to breach South Korea’s state-run Korea Institute of Machinery and Materials.

In response, a CJ OliveNetworks official said the affected certificate was revoked immediately upon confirmation of exploitation.

CJ OliveNetworks is responsible for developing and managing the IT infrastructure of major CJ Group affiliates, including CJ Logistics Co. and CJ ENM Co. The company also provides business-to-business solutions, such as smart factory and logistics automation systems, for domestic and international manufacturers.