Cyber Incident Victim: Defense Acquisition Program Administration
Date: Oct 2018
Location: South Korea
Summary
Hackers compromised computers at South Korea's Defense Acquisition Program Administration, targeting systems managing military procurement including next-generation fighter jets. The intrusion affected 10 out of 30 targeted machines, with suspicious network activity detected weeks later. While officials asserted no confidential data was exfiltrated, a political representative raised concerns about potential concealment of the breach's true scope and called for further investigation into the attackers' origins. The incident prompted reviews of the agency's cybersecurity defenses.
Description
On October 4, 2018, unknown hackers compromised 10 computers within South Korea’s Defense Acquisition Program Administration (DAPA), the agency responsible for military procurement programs including next-generation fighter jets. The attackers targeted 30 systems in a coordinated attack, successfully breaching one-third of them. Intruders accessed internal data related to sensitive defense acquisitions and weapons purchases. The intrusion remained undetected until October 26, 2018, when the National Intelligence Service identified suspicious network traffic originating from IP addresses associated with DAPA’s systems. This 22-day gap between intrusion and detection allowed attackers prolonged access to compromised devices. The breach was publicly disclosed weeks later through a report issued by South Korean politician Representative Lee, who raised concerns about potential concealment of the incident’s severity.

DAPA and the Ministry of National Defense confirmed the breach but asserted no classified information was stolen, despite compromised systems containing military procurement details. Representative Lee challenged this assessment, suggesting officials might have minimized the breach’s scope and questioning whether proper damage evaluations occurred. The incident coincided with a separate cyberattack targeting Liberty Korea Party Representative Baek Seung-joo, though no confirmed connection between the two events was established. Authorities acknowledged the possibility of North Korean involvement but did not attribute responsibility. In response, intelligence agencies initiated reviews of DAPA’s cybersecurity measures to address vulnerabilities exploited during the intrusion. The National Assembly maintained oversight of ongoing investigations into the attack’s origins and full impact on defense procurement systems.
