Data Breach , Data Loss

Report: North Korean Hackers Stole War Plans

Plan to 'Decapitate' North Korean Leadership Stolen, South Korean Lawmaker Says
Report: North Korean Hackers Stole War Plans
North Korean leader Kim Jong-un, pictured in September. (Photo: KCNA)

North Korea's leaders allegedly blew a gasket in 2014 over "The Interview," a comedy film that centered on an assassination plot against North Korean leader Kim Jong-un. So how might the country have reacted to "decapitation strike" plans prepared by the United States and South Korea that North Korean hackers reportedly stole last year?

See Also: Effective Cyber Threat Hunting Requires an Actor and Incident Centric Approach

The plan was part of a massive cache of classified military documents, including the latest U.S.-South Korean operational plans for a full-scale war with North Korea, that a South Korean lawmaker says hackers stole last September, South Korea's Yonhap news agency reports.

In May, South Korean defense ministers said they were investigating a hack attack, but they did not offer further details.

On Tuesday, however, Lee Cheol-hee, a member of South Korea's ruling party, issued a statement saying that North Korean hackers had exfiltrated 235 GB of information from his country's Ministry of National Defense and said that about 80 percent of the stolen information had yet to be identified, Yonhap reports.

North Korean officials have continued to deny all such reports, dismissing them as "fabrications."

But Lee, who's also known as Rhee Cheol-hee, says that hackers stole detailed plans - including "OPLAN 5015," which is a plan for responding to an "all-out war with Pyongyang," including detailed procedures that would "decapitate" the North Korean leadership, as well as "OPLAN 3100," which is the South Korean government's "plan to respond to the North's localized provocations," Yonhap reports.

U.S. and South Korean officials have reportedly continued to revise those plans as North Korea has continued to pursue nuclear tests and test-fired missiles over the Pacific Ocean.

Lee said the plans had been stolen after maintenance work resulted in "a simple mistake" involving a connector jack being used to link the military's intranet to the internet, thus providing outside access to restricted systems, South China Morning Post reports.

North Korean Hackers

North Korea has been previously tied to numerous hack attacks, in part via groups of expatriates located abroad, including in China (see U.S. Government Warns of North Korean Hacking).

Last month, security experts warned that North Korea was increasingly resorting to bitcoin exchange heists and cryptocurrency mining to evade sanctions and fund the regime.

In May, evidence emerged suggesting a connection between "Lazarus Group," a team of hackers that have been tied to North Korea, and the WannaCry ransomware outbreak (see Is WannaCry the First Nation-State Ransomware?).

Earlier this year, the Justice Department reportedly began preparing charges against multiple Chinese middlemen on allegations that they helped North Korean hackers steal $81 million from the central bank of Bangladesh in February 2016 (see Report: DOJ Sees Bangladesh Heist Tie to North Korea).

The Sony Hack

Meanwhile, Sony's 2014 assassination comedy "The Interview" apparently led to a group that called itself the Guardians of Peace - G.O.P. - claiming credit for hacking Sony Pictures Entertainment. But the FBI has said it has no doubt that North Korea was behind the attack.

"The FBI has concluded the government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment," the bureau told Information Security Media Group at the time. "There is no credible information to indicate that any other individual is responsible for this cyber incident."

"The Interview" culminates in an epic confrontation between stars Seth Rogen and James Franco, respectively playing the presenter and producer of a celebrity tabloid TV show called "Skylark," fleeing in a stolen North Korean tank while they're pursued by Kim Jong-un in a helicopter gunship.

Spoiler alert: The journalists accidentally blow "Dear Leader" out of the sky with a tank shell.

Real-World Realities

Real-world diplomatic efforts to unseat or disrupt Kim Jong-un appear to have met with less success. North Korea in July claimed its intercontinental ballistic missiles can now reach the United States. It also claims to have recently tested a miniaturized hydrogen bomb that could be fitted atop the ICBMs.

In September, U.S. President Donald Trump admonished Kim Jong-un, who he derided as a "rocket man" who was "on a suicide mission."

In a rare response, the North Korean leader shot back, promising to "tame the mentally deranged U.S. dotard with fire."


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.