Hackers again make threats on reactorsA group of antinuclear hackers who threatened last year to shut down South Korea’s nuclear reactors have once again uploaded on its Twitter account what it alleges are confidential government documents.
“A virus by an antinuclear group has been widely proliferated,” the group said in a post dated Wednesday morning. “It will start attacking [South Korea’s] nuclear reactors once we push the button.”
The warning also included a file detailing plans for a ceremonial luncheon for military commanders as well as other documents, pictures and blueprints of the Wolseong 1 reactor.
The file is a private Blue House document containing a seating chart and profiles of the officials who attended a luncheon last year at the presidential office.
The government investigation team that initially investigated the group following its first provocation in December, has since launched a new probe to locate the IP address where the post originated and figure out how the group acquired the documents.
“We’re currently cooperating with government offices, including the Blue House,” said one of the team’s investigators. “We are also continuing to cooperate with Chinese authorities, because the IP address is based in China.”
The government believes the antinuclear group is likely from North Korea, as was the case in the first incident in December, though the investigators suspect the group’s members may have changed or rotated given the expressions used in the post Wednesday.
“Looking at the post on Wednesday, the hacker often uses North Korean expressions,” a prosecutor said, unlike in the first attack, when most of the posts the hackers wrote used natural South Korean expressions.
Amid the second round of hide-and-seek, the Korea Hydro and Nuclear Power Corporation (KHNP), the operator of the reactor, asserted that the most recent threat would not do any harm to the nuclear reactor.
“We share those documents with subcontractors, and they are not confidential, just like [the incident] last year,” said a KHNP official. “It has nothing to do with nuclear safety.
“We assume the hackers are engaging in psychological warfare with data they acquired last year.”
The hackers previously released confidential documents from the KHNP - pictures and blueprints - six times from December to March, claiming that they had hacked into the corporation and stolen secret documents.
The government’s joint investigation team disclosed the results of its investigation in March, concluding that North Korea was behind the breach given that the group used “Kimsuky”-type code typically employed by North Korean hackers, and that it had used Shenyang, China-based IP addresses via a North Korean IP.
Investigators said in March that the hackers had sent 5,986 emails containing malignant code to 3,571 KHNP employees since 2013 in an attempt to destroy their hard drives, though only eight computers were infected and five hard drives actually destroyed.
The team also assessed that the email attack had little impact on operations at the nuclear reactors.
The antinuclear group’s Twitter account is currently blocked.
BY LEE YOO-JEONG AND KIM BONG-MOON [firstname.lastname@example.org]