Source of Hacks
It was revealed on Dec. 9 that hundreds of malicious emails were sent from email accounts of ex-employees of Korea Hydro & Nuclear Power.
The joint government investigation task force on personal information crime (chief prosecutor; Lee Jung-Su) said on December. 25, “Hundreds of KNHP employees received emails with malicious code on December 9, most of which were sent from accounts of retired KNHP employees.”
Over 300 pieces of malicious code were identified and they are currently being analyzed by the joint investigation.
The investigation is going on the ex-employees as they are found out to be the owners of the email sending accounts. However the joint investigation estimates that those individuals are highly likely to have had their accounts stolen as well.
This is similar to the situation where IP addresses and Twitter accounts were stolen to be exploited for releasing KNHP inside data on the internet which happened for the five times beginning on December 15.
Results of the joint investigation confirms that the email sender utilized IP addresses allocated through internet virtual private network service, most of which originated from ShenYang, China.
The joint investigation is appraising it is most likely that the distributor of the malicious emails and the alleged offender who uploaded the leaked data are the same individual or group.
An official from the joint investigation said, “Though we cannot be 100% sure, circumstances support that a same individual or group is responsible for both disclosing the stolen nuclear plant data and sending the emails to KNHP employees.
The comparison of the IP addresses that were used to send the emails with the ones that were exploited for posting threads that contain leaked information revealed that there are significant similarities such as having the same numbers in both of the each 12 digit set except for the last numbers of each.