UPDATE 1 (2015-3-26): The DPRK has denied the hacking allegation. According to Yonhap:
North Korea again denied its involvement in a series of data leaks at South Korea’s nuclear power operator and rebutted Seoul’s interim probe results that accused the communist regime of conducting the hacking attacks.
The North’s Central Internet Research Institute said that the investigation that linked Internet protocol addresses used in the attack to North Korea is groundless and was fabricated by Seoul, according to Pyongyang’s state media Korean Central News Agency.
The denial follows a March 17 announcement by a special investigation team that found the data leaks at the Korea Hydro and Nuclear Power Co. “believed to have been caused by an (unidentified) group of North Koreans hackers.”
In December, an unidentified hacker, claiming to be an activist against nuclear power, had posted data about nuclear power plants, including their blueprints, five times and threatened to destroy the facilities while demanding they be shut down.
Earlier this month, the hacker renewed its threats by posting more files on Twitter that included documents concerning the country’s indigenous advanced power reactor 1400, while demanding money in exchange for not handing over sensitive information to third countries.
The state-run KHNP operates 23 nuclear reactors in South Korea that provide nearly one-third of the country’s energy demand.
ORIGINAL POST (2015-3-17): According to the Wall Street Journal:
South Korea on Tuesday blamed North Korea for a December cyberattack on nuclear power-plant operator Korea Hydro & Nuclear Power Co., marking the first online incursion publicly attributed to Pyongyang since the hacking of Sony Pictures Entertainment.
South Korean investigators said state-owned Korea Hydro, which operates the country’s 23 nuclear reactors, and its business partners were targeted in multiple cyberattacks aimed at stealing internal data that included plant blueprints and employees’ personal information.
South Korea’s nuclear-plant management wasn’t compromised in the attacks and no critical data was disclosed, the investigators said. A series of “spear-phishing” emails aimed at stealing passwords and obtaining remote control access of computers were largely unsuccessful, they added.
A Korea Hydro spokeswoman declined to comment, saying the firm wasn’t participating in the investigation.
A Twitter account holder in December posted Internet links to Korea Hydro’s internal-data archives and issued various demands to prevent further leaks, the investigators said.
Investigators said they traced the intrusions back to Internet addresses registered by North Korea. The spear-phishing virus that investigators said was used in the attack, named “kimsuky,” was previously identified by cybersecurity experts as created in North Korea. The related tweets were posted through servers in Shenyang, in China’s northeast, and Vladivostok, Russia, they said.
Pyongyang’s state newspaper in late December denied involvement in the cyberattacks, calling such accusations a ploy to escalate inter-Korean tension.
Tuesday’s statement was the first time South Korea had publicly attributed the cyberattacks to North Korea.
Read the full stories here:
North Korea Blamed for Nuclear-Power Plant Hack
Wall Street Journal
Jeyup S. Kwaak