Wednesday, March 18, 2015

North Korea Blamed for Cyber-Attack on South Korean Nuclear Plant

North Korea Blamed for Cyber-Attack on South Korean Nuclear Plant

Hackers could not reach sensitive areas of the network

A cyber-intrusion into the systems of Korea Hydro and Nuclear Power (KHNP) in South Korea in December 2014 is now officially attributed to the government at Pyongyang by its counterpart in Seoul.

The piece of information was revealed on Tuesday by prosecutors in South Korea, following the completion of the investigation into the incident.
Breach at power plant recorded in December 2014

On Thursday, a group of hackers using the online alias “Who am I = No nuclear power” released on Twitter data relating to the advanced power reactor (APR) 1400 and system plans from Kori nuclear plant.

The tweet was accompanied by a ransom message for an undisclosed amount of money in exchange for not selling the stolen information to other countries. A hint was dropped regarding the payment, as the hacker said that, by complying with the demand, the South Korean government could risk a lot more than a few hundred million dollars.

KHNP said that the attackers did not manage to reach classified information during the breach last year and that it did not disrupt the activity of any of the reactors of the power plant.
Prosecutors find evidence pointing to North Korea as the attacker

A statement from the central prosecutor’s office in South Korea said that the investigation revealed evidence consistent with the methods used by North Korean hackers, claiming that the “kimsuki” malware was used.

According to Reuters, prosecutors said that the cyber-attacks were carried out between December 9 and 12, 2014, and consisted in targeting 3,571 employees of the nuclear power plant operator with almost 6,000 phishing emails containing malicious code.

The news agency reported that Seoul had suspicions about the government of Pyongyang being implicated in the incident, as IP addresses the attack originated from had been traced to a northeastern Chinese city near North Korea.

Shenyang fits this description and it is also known to be a region from where members of Bureau 121, the North Korean secret cyber division, carry out their missions.