Hackers Extort S. Korea for Data on Nuclear Plants

A hacker who had posted inside information on South Korea’s nuclear power plants has made a fresh threat, demanding money in exchange for not handing over sensitive information to third countries. 

The hacker had posted files, including documents about the country’s indigenous advanced power reactor, on Twitter.
Using an account under the name of the president of an anti-nuclear group in Hawaii, the hacker posted additional files on Twitter, which reportedly included documents concerning the country’s indigenous advanced power reactor 1400.

“Need money. Only need to meet some demands… Many countries from Northern Europe, Southeast Asia and South America are saying they will buy nuclear reactor information. Fear selling the entire information will undermine President Park (Geun-hye)’s efforts to export nuclear reactors,” the posting said.

The hacker did not say how much money he wanted but warned that South Korea will end up losing much more if it tries to save a few hundreds of millions of dollars.

Officials from the Korea Hydro & Nuclear Power Co. (KHNP) said the documents released Thursday did not include any sensitive information and that they may have been obtained before the company boosted its security measures early last year that included completely cutting off its internal servers used to operate nuclear reactors from all outside access.
They earlier said they were not able to determine the nature or sensitivity of the released documents as safety protocol was blocking the downloading or opening of the files. 

The latest posting marked the sixth of its kind since Dec. 15. Then, a hacker who leaked information about South Korea’s nuclear plants online demanded money for not handing over sensitive information about the plants to other countries. 
The attacker had earlier demanded that KHNP shut down some of its reactors and had threatened to "bring destruction" to the power plants unless his demand was met before Christmas.

South Korea's government accused North Korea Tuesday of carrying out cyber-attacks last December on its nuclear power plant operator, describing them as a provocation, which threatened people's lives and safety.

"It's a clear provocation against our security," the unification ministry said after investigators concluded that the North was behind the attacks.

 “The malicious codes used for the nuclear operator hacking were the same in composition and working methods as the so-called ‘kimsuky’ malware that North Korean hackers use.” read a statement issued by the Republic of Korea’s Seoul Central District Prosecutor’s Office.

Recently hackers have targeted several times critical infrastructure of the South Korea, documents relates to part of the blueprints of nuclear power plants, including the hot water systems of the reactors at the Kori nuclear power plant in Gori, were blueprints of nuclear power plants, including the hot water systems of the reactors at the Kori nuclear power plant in Gori, were leaked via a Twitter account named “Who am I = No Nuclear Power.” 

Stolen data also included set of technical data and documents on reactor design. The attacker had earlier demanded that KHNP shut down some of its reactors and had threatened to "bring destruction" to the power plants unless his demand was met before Christmas. The hacker also threatened to launch 9,000 viruses as an attack against KHNP, which had reportedly found 7,000 viruses before.

"Since the so-called anti-nuclear group made its fifth release of information on Dec. 23, no cyber-attack or information leak has taken place while the documents released today appear to have been obtained long before," the company said in a press release, according to Yonhap. 

Among the information released recently was also the transcript of a telephone conversation between the South Korean president and UN Secretary General Ban Ki-moon.

ibtimes         koreatimes us edition        security affairs         independent      economic times