Archive for the ‘Cyber attacks’ Category

DPRK blamed for cyber attack on South Korean nuclear power plant

Tuesday, March 17th, 2015

UPDATE 1 (2015-3-26): The DPRK has denied the hacking allegation. According to Yonhap:

North Korea again denied its involvement in a series of data leaks at South Korea’s nuclear power operator and rebutted Seoul’s interim probe results that accused the communist regime of conducting the hacking attacks.

The North’s Central Internet Research Institute said that the investigation that linked Internet protocol addresses used in the attack to North Korea is groundless and was fabricated by Seoul, according to Pyongyang’s state media Korean Central News Agency.

The denial follows a March 17 announcement by a special investigation team that found the data leaks at the Korea Hydro and Nuclear Power Co. “believed to have been caused by an (unidentified) group of North Korean hackers.”

In December, an unidentified hacker, claiming to be an activist against nuclear power, had posted data about nuclear power plants, including their blueprints, five times and threatened to destroy the facilities while demanding they be shut down.

Earlier this month, the hacker renewed its threats by posting more files on Twitter that included documents concerning the country’s indigenous advanced power reactor 1400, while demanding money in exchange for not handing over sensitive information to third countries.

The state-run KHNP operates 23 nuclear reactors in South Korea that provide nearly one-third of the country’s energy demand.

ORIGINAL POST (2015-3-17): According to the Wall Street Journal:

South Korea on Tuesday blamed North Korea for a December cyberattack on nuclear power-plant operator Korea Hydro & Nuclear Power Co., marking the first online incursion publicly attributed to Pyongyang since the hacking of Sony Pictures Entertainment.

South Korean investigators said state-owned Korea Hydro, which operates the country’s 23 nuclear reactors, and its business partners were targeted in multiple cyberattacks aimed at stealing internal data that included plant blueprints and employees’ personal information.

South Korea’s nuclear-plant management wasn’t compromised in the attacks and no critical data was disclosed, the investigators said. A series of “spear-phishing” emails aimed at stealing passwords and obtaining remote control access of computers were largely unsuccessful, they added.

A Korea Hydro spokeswoman declined to comment, saying the firm wasn’t participating in the investigation.

A Twitter account holder in December posted Internet links to Korea Hydro’s internal-data archives and issued various demands to prevent further leaks, the investigators said.

Investigators said they traced the intrusions back to Internet addresses registered by North Korea. The spear-phishing virus that investigators said was used in the attack, named “kimsuky,” was previously identified by cybersecurity experts as created in North Korea. The related tweets were posted through servers in Shenyang, in China’s northeast, and Vladivostok, Russia, they said.

Pyongyang’s state newspaper in late December denied involvement in the cyberattacks, calling such accusations a ploy to escalate inter-Korean tension.

Tuesday’s statement was the first time South Korea had publicly attributed the cyberattacks to North Korea.

Here is coverage in Yonhap.

Read the full stories here:
North Korea Blamed for Nuclear-Power Plant Hack
Wall Street Journal
Jeyup S. Kwaak
2015-3-17


Cyber attack capabilities and speculation

Tuesday, June 5th, 2012

According to the Joong Ang Ilbo:

North Korea was caught attempting cyberattacks on Incheon International Airport using viruses planted in game programs, according to the Seoul Metropolitan Police Agency.

A 39-year-old South Korean game distributor was arrested on Sunday for involvement and charged with violating the National Security Law. The National Intelligence Service helped arrest him, police said.

According to the police, the South Korean man, identified by the surname Jo, traveled to Shenyang, northeastern China, starting in September 2009 and met agents of an alleged North Korean trading company. He allegedly asked them to develop game software to be used in the South.

The North Koreans were actually agents from the North’s Reconnaissance General Bureau, and Jo was aware of that, police said.

Jo purchased dozens of computer game software for tens of millions of won, which was a third the cost of the same kind of software in the South. The games were infected with malignant viruses, of which Jo knew, an official at the police agency said.

Jo sold the games to South Korean operators of online games. When people played the games, the viruses used their computers as zombies, through which the cyberattack was launched.

A so-called “distributed denial-of-service attack,” this cyberattack against Incheon International Airport occurred two or three times in March 2011, police said. The attack was fended off by the intelligence authorities in the South.

The police and intelligence authorities also suspect that the North’s Reconnaissance General Bureau is behind a technical glitch in the flight data processor that paralyzed air traffic control at Incheon International Airport for nearly an hour last Sept. 15. It’s not clear if Jo’s viruses were linked. The glitch disrupted the departures of 18 airplanes from the airport. Initially, the Ministry of Land, Transport and Maritime Affairs said it wasn’t linked to North Korea.

AFP reports some slightly different details:

Cho, who was detained on May 23, sold the programmes to South Korean game operators, according to police.

They said the malicious software would paralyse users’ computers and steal personal information. It was not immediately clear how many computers may have been infected.

Cho is also accused of allowing North Korean agents to use his server for distributing denial-of-service (DDoS) attacks on the South’s online systems.

He is alleged to have kept personal information on hundreds of thousands of people from major portals at his home.

Read the full stories here:
Incheon Airport cyberattack traced to Pyongyang
Joongang Ilbo
2012-6-5

S. Korean held for selling N. Korean malware
AFP
2012-6-4
