South Korean investigators said Tuesday that they found links between North Korea and the series of hacking attempts that led to a data leak of the former’s nuclear power plants in December. The attack had occurred when a hacker, who claimed to be an activist against nuclear power, posted confidential information online, including blueprints, about South Korea’s nuclear power plants and threatened to destroy the facilities unless they were shut down.
A special investigation team, set up by South Korea, said Tuesday that the hack "is believed to have been caused by an (unidentified) group of North Korean hackers who aimed at causing social unrest and agitating the people," Yonhap, the South’s official news agency, reported.
Last week, a hacker had also demanded money in exchange of not handing over sensitive information about the plants to other countries.
"Need money. Only need to meet some demands. ... Many countries from Northern Europe, Southeast Asia and South America are saying they will buy nuclear reactor information. Fear selling the entire information will undermine President Park (Geun-hye)'s efforts to export nuclear reactors," the hacker said in a Twitter post.
Prosecutor Choi Yun-soo said, according to Yonhap, that investigators found 94 pieces of data, which were compromised. The attackers reportedly stole the data by illegally accessing emails and online communities used by the employees of Korea Hydro and Nuclear Power Co. (KHNP), instead of launching a direct hacking attempt on the network.
"We've learned that the malicious code used in the e-mail attack in December was similar to what North Korean hackers usually employ," an official from the investigation team said, according to Yonhap, adding: "Multiple Internet protocol addresses used for the attacks were found to be based in North Korea."
The attacks were made between Dec. 9 and Dec. 12, when 5,986 phishing emails, with malicious code, were sent to 3,571 employees of KHNP, Reuters reported, citing prosecutors. At the time, a hacker had reportedly threatened "destruction" and demanded the shutdown of three reactors in Twitter messages.
South Korea had previously said it suspected links between North Korea and the hacking attempts, and had even asked help from Chinese investigators.
In a separate statement Tuesday, South Korea had also promised to enhance cybersecurity in the country to prevent similar hacking attempts, Reuters reported.