A hacker group labelled “Who am I = No nuclear power” released data regarding the advanced power reactor (APR) 1400 and system plans from Kori nuclear plant on Twitter this Tuesday.
The tweet also had a ransom message for an unknown amount for not exporting the stolen data to other countries.
There were clues regarding the payment method and the hackers stated that in-compliance with their demand can pose greater threat to the South Korean government than a few hundred million dollars.
The attackers, however, manage to acquire confidential data through the breach that occurred last year but it didn’t disrupt the regular activity of any of the reactors at the power plant.
Prosecutors, in the light of available evidence, suggested that North Korea is behind the attack.
Central prosecutor’s office in South Korea gave out a statement stating that the investigations have revealed a consistency in the methods that usually North Korean hackers use and the malware was identified to be “Kimsuki.”
Prosecutors stated that the attacks occurred between December 9 and December 12 in 2014 and targeted around 3,571 employees operating the nuclear power plant through over 6,000 phishing emails comprising of malicious codes, according to Reuters.
Reportedly, Pyongyang government was suspected by Seoul government because the IP addresses detecting the origin of the cyber-attacks have been identified to be from a Northeastern Chinese city close to North Korea.
Probably it is Shenyang that fits the sketch since it is the region from where the secret cyber division of North Korea “Bureau 121” carries out its missions.