North Korean hackers plunder thousands of nuclear plant tech documents from South's company

Home > National > North Korea

North Korean hackers plunder thousands of nuclear plant tech documents from South's company

Published: 10 Oct. 2024, 17:57

MICHAEL LEE
lee.junhyuk@joongang.co.kr

APR-1400 reactors at the Hanul Nuclear Power Plant in Uljin, North Gyeongsang [KOREA HYDRO & NUCLEAR POWER]

Hackers associated with North Korea pilfered approximately 720,000 files on nuclear power plant technology from a company that works closely with Korea Hydro & Nuclear Power (KHNP), a Democratic Party (DP) lawmaker said Wednesday.

According to the office of DP Rep. Choi Min-hee, who chairs the National Assembly’s Science, Technology, Information, Broadcasting and Communications Committee, the hackers stole the massive trove of data over two cyber intrusions that took place in September 2020 and June this year.

Although the affected partner company had installed a security system in April 2017 to prevent the installation of external malware and leaks of classified technologies, Choi’s office said the hackers were able to bypass the system by acquiring the password to one of the company’s administrator accounts, which have the highest security clearance.

They subsequently stole about 720,000 documents, or about 10.6 percent of 6.77 million files on the partner company’s entire database.

Approximately 110,000 of the stolen files contain information about KHNP's nuclear power-related technologies, according to Choi’s office.

KHNP, a subsidiary of the state-owned Korea Electric Power Corporation, told the JoongAng Ilbo that most of the leaked information concerned older nuclear power plants.

The company claimed the leak exposed relatively little information about the APR-1000 and APR-1400, the latest Korean nuclear power plant models.

KHNP said that “most of the internal data obtained by the hackers from the partner company was information that does not directly impact the safety of nuclear power plants,” adding that “no material damage is confirmed to have resulted so far” from the leaks.

The company further said that external actors are unlikely to be able to use the stolen data to affect energy generation due to physical safeguards in place to protect the country’s nuclear power plants.

However, Choi criticized KHNP and its partner company for allowing hacks that “could threaten national security” and argued it was “sheer good luck” that the cyber intrusions resulted in “no leaks of technologies related to newer nuclear power plants.”

KHNP attributed the hackers’ ability to steal data to “the financial shortcomings of small- and medium-sized enterprises to invest in cybersecurity” and vowed to “provide customized institutional support to partner companies, recommend the recruitment of dedicated cybersecurity personnel and increase cybersecurity awareness.”

Hackers associated with North Korea have conducted multiple attacks on South Korean companies and institutions over the years as Pyongyang turns to cybercrime to gather funds for its illicit weapons programs and collect intelligence.

According to the results of an interagency probe released in May, North Korean hackers stole 1,014 gigabytes of data and documents from a South Korean court network over two years.

That hack was carried out by Lazarus, one of three North Korean hacking groups that breached the internal networks of 10 South Korean defense companies and stole technical data over 18 months, according to another joint investigation that wrapped up earlier this year.

BY MICHAEL LEE [lee.junhyuk@joongang.co.kr]