South Korean City Grapples With Government Server Cryptojacking

In a startling revelation, an audit has uncovered the presence of cryptocurrency mining malware on government servers in Daejeon, a major South Korean city. This incident highlights a growing concern in the digital age: the security of public infrastructure against the rising tide of cryptojacking.

The Ministry of Public Administration and Security, responsible for overseeing the integrity of public data systems in South Korea, conducts biannual audits of city government servers. It was during the latest of these audits, conducted in June of the previous year, that the discovery was made. Investigators found malicious code embedded within Daejeon City’s information system. The nature of this code? It was designed for crypto mining activities.

The intrusion didn’t stop at one server. The audit team unearthed a series of cybersecurity breaches affecting two critical servers. One was compromised by mining malware that exploited weak administrator account passwords. This is a classic case of neglect in digital security hygiene where simple measures could have prevented a complex problem. Meanwhile, another server was manipulated into a hacking transit point, spreading the malware further across the network.

What’s notable is the speed of the city’s cyber response team. They detected unusual activities within just eight days of the initial breach. Following this, they acted promptly, isolating the network and identifying the harmful code. This swift action led to a detailed report being forwarded to the National Intelligence Service (NIS), South Korea’s leading intelligence body specializing in public data breaches.

However, the auditors didn’t mince words when it came to the root cause of this breach: a severe lack of additional security measures. Their report clearly pointed out that the city’s cybersecurity infrastructure had gaping holes, mainly due to outdated security protocols and neglected maintenance checks. Out of 467 information system server devices, an astonishing 98 had not undergone the mandatory annual diagnostic tests. This oversight opened the door for hackers to infiltrate the network with relative ease.

In a call to action, the ministry has directed the Daejeon Mayoral Office to undertake comprehensive measures to avoid such incidents in the future. This incident is a wake-up call, not just for Daejeon but for cities worldwide, emphasizing the importance of rigorous cybersecurity practices.

Interestingly, this isn’t the first time South Korea has faced such a scenario. Back in 2021, Seoul was shaken by the news of a government employee using city-provided energy for mining Ethereum (ETH) beneath a prestigious opera house. This individual had set up two ETH mining rigs, equipped with high-end graphics cards, in the basement of the opera house’s Calligraphic Art Museum. This discovery had already raised questions about the misuse of public resources for personal gain, and now, with the Daejeon incident, it underscores a broader issue of cybersecurity in public institutions.

This story serves as a critical reminder of the evolving challenges in maintaining digital security. As the world becomes increasingly reliant on digital infrastructure, the responsibility falls on governments and public institutions to safeguard their networks against such exploitative practices. Cybersecurity is no longer a niche concern but a fundamental aspect of public administration in the digital age. The Daejeon incident is a cautionary tale, urging immediate and ongoing actions to fortify digital defenses against the ever-evolving landscape of cyber threats.