Authorities are investigating a recent string of hacking attempts which have targeted nuclear power plants in South Korea.
On December 9th between 5:00 am and 3:00 pm, computers of workers at Korea Hydro & Nuclear Power (KHNP) were attacked by hackers, who succeeded in taking down four computers, three of which were connected to security-related networks.
The hackers used former employees' email addresses to send nearly 6,000 malware-laden messages to hundreds of employees. The malware code in the messages was designed to be activated at 11:00 am on December 10th. It is unclear at this time how the email addresses were obtained.
For more than 10 days, KHNP was unaware that its computers were infected with malicious programs. There is no way of knowing at this time how much data was stolen.
According to investigators, the hackers planned to immobilize any computers that were infected with the malware.
Between December 15th and December 21st, a hacker posted highly sensitive classified information on Twitter, including employee personal records, electricity flow charts, estimates of radiation exposure to local residents, reactor blueprints, and manuals related to two South Korean nuclear reactors.
Initially, KHNP officials would only say that the information released was non-classified data and was not important, but were unable to explain how the data was hacked.
On December 21st, prosecutors in Seoul launched an investigation into the hack. An official with the investigative team told reporters on December 22nd, “Given the hackers used several Internet protocols originating from the United States and Japan and the way they post warnings without the fear of leaving evidence, they are likely to be a highly experienced criminal group, rather than hacking individuals doing it for fun and personal reputation. It may take months or longer to arrest the perpetrators.”
According to officials, the hackers may be located in North Korea, as the nature of the attack and many of the fingerprints of the code are similar to those used in the attacks against Sony Pictures, KBS, and Nonghyup banks.
South Korea has reached out to China and the United States and requested the FBI's assistance in tracking the IP address of the hackers, who apparently used several IP addresses in Japan, the United States, and South Korea to disguise their location.
According to investigators, the hackers' attack may not be over.