
War documents, including assassination plan, stolen by North Korean hackers

North Korean hackers have stolen joint South Korean-US plans for war with the North, including plans to assassinate North Korean leader Kim Jong Un, according to an FT report quoting Lee Cheol-hee, a member of South Korea's Democratic party.

A defence data centre was apparently broken into in September last year, with some 235 gigabytes of data stolen, including Operational Plan 5015, the latest plan for war with North Korea, though 80 percent of the documents are yet to be identified, said Lee. They are believed to include information on significant power plants and military facilities in the South, reports to the allies' senior commanders, and details on special forces, but the South Korean military has not given any confirmation of these reports.

North Korea's cyber-warfare units have been blamed for various state attacks, with GCHQ suggesting the country may have been responsible for WannaCry, while FireEye says the country has been attempting to steal bitcoin from South Korean exchanges. The North Korean Lazarus group is thought by some to be behind the hack of the Swift banking system, as well as the Sony hacks, which were believed to be in revenge for The Interview, a film ridiculing North Korea's leader.


Chris Doman, security researcher at AlienVault, who is investigating hacking groups in North Korea, emailed SC Media UK to comment, "The recent North Korea cyber hack may relate to the reported August 2016 compromise of the South Korean ministry of defence," going on to suggest that: "The group behind those attacks are named Andariel and likely a sub-group of the attackers behind the Sony attacks, WannaCry and SWIFT bank hacks. They are very active and we continue to see new malware samples from them every week."

The FT reports that Seoul's military online network was breached in May, with the state-run Yonhap news agency quoting Shin Jong-woo, a researcher at the Korea Defense and Security Forum, as saying at the time, “This is a total failure of management and monitoring [of classified information].”

The FT also offers another possible scenario, quoting Kim Tae-woo, former president of the Korea Institute for National Unification, a South Korean think-tank, as saying, “Part of my mind hopes the South Korean military intentionally leaked the classified documents to the North with the intention of having a second strategy.”
