Pyongyang the suspected source behind hacking

Authorities looking into an antinuclear group that attempted to blackmail the country’s energy authority into shutting down its nuclear reactors provisionally concluded in their interim report that the hackers are likely North Koreans who aimed to stir up social turmoil in the South.
One hacker referred to as the organization’s chairman shocked officials at the end of last year when exclusive blueprints and technical operation guides for local nuclear reactors were leaked on five occasions.
Investigators found that the malware used by the hackers was similar to the malicious code widely used by Pyongyang, indicating that the perpetrators could be North Korean. “The malignant codes used to attack the email accounts of the employees at Korea Hydro and Nuclear Power (KHNP) work similarly to a ‘Kimsuky’-type code, the one that is usually used by North Korean hackers,” an official on the investigative team said on Tuesday.
According to the investigators, the hackers have sent 5,986 emails containing malicious code to 3,571 KHNP employees since 2013 in an attempt to destroy their hard drives, though only eight computers were infected and five hard drives were actually destroyed. The investigation team also assessed that the email attack had little impact on the nuclear reactors’ operations.
“The hackers are believed to have threatened KHNP with the data they acquired by hacking into various sources after they failed to paralyze KHNP operations via phishing,” the official said. “Most of the accesses to KHNP were made from IP addresses in Shenyang, China, via a domestic virtual private network (VPN).”
It is commonplace for North Korean hackers to work in Shenyang, where local IP addresses can be used in North Korean border towns.
The investigators believe the hackers, who identified themselves as an antinuclear group, did not actually mean to earn money or protest nuclear generation as they claimed.
“Their activities were only to cause social chaos,” said the official. “When they said via Twitter on Thursday that they only wanted money, we believe it was only a ruse.”
The investigative team currently plans to trace the IP addresses and malicious code used for the blackmail attempt and to cooperate with related organizations in and outside of Korea.
The government responded to the threat, saying the hack was an act of aggression against national security.
“North Korea acquired data about KHNP and threatened to destroy nuclear reactors, putting the lives and safety of the public at risk,” the Ministry of Unification said in a statement.
“North Korea disclosed the data little by little because it was trying to cause chaos in society,” it continued. “The government will handle [cyberterrorism from North Korea] using adequate means and strengthening cooperation with the international community.”
BY KIM BONG-MOON