Suspected North Korean hackers recently targeted several South Korean think tanks and security-related institutions. Their primary target appeared to be the Korea Atomic Energy Research Institute (KAERI), South Korea’s sole nuclear power research institute. In response to the recent attacks, the U.S. Department of State called for strengthening international joint efforts against North Korean cyber threats.
According to South Korea’s National Intelligence Service (NIS), KAERI had likely been exposed to cyber attacks by North Korea for 12 consecutive days, local media reported. The attacks appeared to have been carried out by North Korean state-linked organizations. Fortunately, they are not believed to have resulted in leakage of KAERI’s core research.
In a press briefing on June 18, People Power Party (PPP) lawmaker Ha Tae-keung, a member of the South Korean National Assembly’s intelligence committee, informed the media about the cyber attacks and urged the government to investigate.
“On May 14, 13 unauthorized external IP addresses invaded the KAERI’s intranet. ‘IssueMakersLab,’ an organization investigating North Korean cyber terrorism, traced the source of IP and confirmed that some of the IP addresses belong to the hacker organization ‘Kimsuky’ under the North Korean Reconnaissance General Bureau (RGB),” Ha said.
Two days later, on June 20, Korea JoongAng Daily reported that hackers also targeted Daewoo Shipbuilding & Marine Engineering (DSME), Korea’s leading manufacturer of submarines and a supplier to the South Korean navy. This attack, however, resulted in the possible exposure of important data, according to several government sources. The exact time of the hack was not specified, but it reportedly happened in the past year.
In a press conference on July 4, Ha said that he had received multiple reports indicating that North Korea may have stolen technical data on nuclear-powered submarines jointly developed by KAERI and DSME. Ha added that this was not the first time that DSME had been targeted. In April 2016, a major hack by North Korea resulted in the leakage of 40,000 pieces of internal data, including more than 60 military secrets. It was one of the largest national security leaks in South Korean history.
Aerospace Industries Targeted
On June 30, Korea Aerospace Industries (KAI), a South Korean defense company, reported that it had suffered a cyberattack and had requested a police probe. On the same day, lawmaker Ha suggested that the KAI attack and the KAERI attack happened in a similar timeframe and were likely carried out by the same North Korean hacker organization, “Kimsuky.” Ha did not disclose the exact time of the attacks.
Ha also revealed that KAI is currently producing the Korean fighter KF-X series jets, and the hackers likely obtained its latest KF-21 design drawings.
KAI had been the subject of cyber attacks in May of 2020, according to a report by South Korea’s Ministry of National Defense that did not disclose the exact time.
North Korean Hackers a Threat: US State Department
In response to the recent cyber attacks, U.S. State Department spokesperson Ned Price said on July 8 that North Korean hackers pose a significant threat, and the international community should strengthen its joint efforts to counter them.
“It’s vital for the international community, for network defenders and the public to stay vigilant and to work together to mitigate the cyber threat posed by North Korea,” Price emphasized.
On Feb. 17, John C. Demers, the assistant attorney general of the National Security Division in the U.S. Department of Justice, said that North Korean operatives used “keyboards rather than guns” to steal encrypted currencies from digital wallets, and that they have become “the world’s leading bank robbers.”
At an event hosted by a Washington think tank in October 2020, Demers also said that the Chinese Communist Party (CCP) assisted North Korea with cyber theft and money laundering. He suggested that the CCP supported North Korea through its cyber infrastructure and likely also shared its expertise and provided training.
In March of 2020, the U.S. Department of Justice charged two Chinese nationals with helping North Korean operatives launder cryptocurrency worth over $100 million and detailed Pyongyang’s use of hacking operations to evade sanctions.