S. Korea Points to N. Korea for Nuclear Plant Hacking

Cyberattacks on Korea Hydro and Nuclear Power’s (KHNP’s) computer systems last December were committed by a group of North Korean hackers, an interim South Korean investigation has concluded. 

The Seoul central prosecutors office said in a March 16 statement that the malicious codes used for the nuclear operator hacking were “the same in composition and working methods as the so-called ‘kimsuky’ that North Korean hackers use.” The South Korean government-led investigation team added that the group used Internet protocol addresses in Shenyang, China, and accessed the IP address of a domestic hosting company.

KHNP runs all 24 of the country’s power plants. The cyberattacks on Dec. 15 involved leaks of personal information obtained from KHNP employees, but later posts included reactor cooling system valve drawings from the Kori Unit 1 nuclear power plant, internal phonebook information, and KHNP’s own secret subcategory guidelines. The group is said to have threatened the release of more information if three reactors—Gori Units 1 and 3, and Wolsong Unit 3—were not shut down.

According to the Korea Herald, the group claimed to be an activist against nuclear power. Last week, the group reportedly posted 10 more internal documents leaked from KHNP on Twitter and a purported transcript of a phone conversation between South Korean President Park Geun-hye and UN Secretary-General Ban Ki-moon. The group also reportedly demanded money, threatening to disclose more documents.

 —Sonal Patel, associate editor (@POWERmagazine, @sonalcpatel)