Stories
Slash Boxes
Comments

SoylentNews is people

Submission Preview

Link to Story

Revisiting the 2014 South Korea Hydro and Nuclear Power Hack

Accepted submission by Frosty Piss at 2024-03-23 19:26:14
Security

https://www.38north.org/2024/03/revisiting-the-2014-korea-hydro-and-nuclear-power-hack-lessons-learned-for-south-korean-cybersecurity/ [38north.org]

In December 2014, North Korea's cyber group Kimsuky conducted an attack on the South Korean Korea Hydro and Nuclear Power (KHNP), leaking personal information of 10,000 employees, reactor blueprints, manuals, electricity charts, radiation methods and more. Despite the impact of the 2014 KHNP hack on South Korea, it has figured minimally in English-language cybersecurity literature.

In 2013, North Korea used the DARKSEOUL malware to paralyze ROK broadcasting stations, banks and government sites after its long-term espionage campaign, Operation Troy. In December 2014, however, despite those precautionary steps, KHNP was hacked. Kimsuky used a Twitter account named “president of anti-nuclear reactor group” to post sensitive documents and blueprints from KHNP and threatened to leak more information unless specific reactors in Gori and Wolseong were shut down by Christmas.

As with most research regarding cyber operations and the DPRK, the scarcity of publicly available information posed a challenge. This was especially true for the period from 2014 to 2022 when the Moon Jae-in administration in South Korea was reluctant to publicly attribute cyber operations to North Korea for political purposes.

The 2014 KHNP hack marked a pivotal turning point for South Korean cyber policy. While North Korea’s Kimsuky was successful in stealing sensitive information and publicly demonstrating the vulnerabilities of the South Korean nuclear energy industry to cyberattacks.


Original Submission