More Evidence of North Korean Involvement in South Korean Nuclear Power Plant Hack

kpopluv, March 18, 2015, 7:56 a.m.

An investigation suggests that North Korea was behind the cyber attack against Korea Hydro and Nuclear Power Corporation in December of last year. The investigation team that probed the attack said the malicious code was similar to that used by North Korean hackers, and the attacks were also traced to North Korean IP addresses.

The hackers obtained reactor blueprints and other sensitive data and posted them online. They sent out some 6,000 e-mails with malicious code to 3,600 KHNP staff, aiming to disable their hard drives. The hackers also blackmailed the government, demanding that it shut down nuclear reactors and give them US$10 billion.

"Only five computers were actually harmed and the operation and safety of reactors were not compromised," an investigator said. He added that the hackers appear to have been more interested in causing a panic.

The strongest evidence was IP addresses that were traced back to the North. The hackers used a South Korean Virtual Private Network service in order to hide their tracks, but 25 North Korean IP addresses and five more IP addresses allocated to a North Korean communications service provider were traced to the VPN.

The malicious code used by the hackers was also almost identical to that used by North Korean hackers in the past. "IP addresses consist of 12 digits, and nine of those numbers matched the IP address used by North Korean hackers when they posted threats against the government through a server in Shenyang, China," an investigator said.

The hackers may have used relay stations along the China-North Korea border to access the Internet. Investigators plan to team up with U.S. and Chinese law enforcement to track down the hackers. The e-mail and social media servers the hackers used are based in the U.S., while some IP addresses were traced to China.
