A hacker that disclosed confidential documents relating to atomic power stations in Korea threatened that more documents would be handed over to other countries and that secondary destruction would follow unless the power plants are shut down by Dec. 25. Under the circumstances, North Korea is predicted to be engaged in the hacks carried out by an anti-nuclear group.
The person identifying as the head of the group disclosed additional confidential documents of the Korea Hydro & Nuclear Power Corporation via SNS channels on Dec. 19 and 20 after the corporation had said that the documents disclosed for the first time were not classified. The hacker also warned that 100,000 or so more documents would be disclosed as he or she wished. The secondary destruction is assumed to refer to cyber attacks, but the possibility of physical destruction caused by component malfunctioning cannot be ruled out, either. “After the facilities are shut down, I will hand over the documents to the government in New York,” the hacker said, adding, “The government will have to pay me some money.”
“It seems that the North is behind the curtain because the group, disguised as an environmental organization, has used North Korea-style words and tones, and is similar to the hacker group engaged in the June 25 cyber terror, in that it is trying to cause a social chaos by using the media,” an anonymous expert commented. “Although the message blames the corporation for attempting to hide the information leakage and demands the facilities be shut down, it is clear that the hacking is political given the title of the writing in which Cheongwadae is told to step in,” he continued. According to him, the incident at this time is likely to be closely associated with the cyber terrorist attack against Cheongwadae, the residence of the president of Korea, on June 25, 2013, and the recent hacking of Sony Pictures. The similarities include that the hacker publicized his or her hacks via SNS, leaked hacked data using the Pastebin website, and falsified the hacked website.
It has been found in a recent investigation that the malicious file sample detected in Sony Pictures carried Korean-language content, and that the malicious file was of the same type as that used in the June 25 attack. “The type of file and attack are very similar to those concerning the recent incident, which implies that North Korea is engaged in the incident,” the expert mentioned. He added, “It seems that the hacker intelligently hid malicious code in the Korean-language file of the control program before sending it to the corporation.”
In the meantime, an increasing number of attempts to spread malicious code against social infrastructure and government systems have been detected in the second half of this year. Experts are warning that this could be a sign of massive cyber terrorist attacks, and the government has to activate full-scale security systems. The targets include not only government organizations and military facilities but also communications networks, traffic control systems, power plants and grids, and medical institutions.