The South Korea government blame North Korea for network invasions that stole data from Korea Hydro and Nuclear Power (KHNP), ” the company that operates South Korea’s 23 nuclear reactors”. The attackers had demanded the shutdown of three reactors just after the intrusion. They also threatened “destruction” in a message posted to Twitter.
“(In many ways, the cyber-attack bears hallmarks of the attack on Sony Pictures last year: the hackers have demanded an unspecified amount of money, claimed to be part of an activist group, and are threatening the release of more data if their demands—which include the shut-down of three nuclear plants—are not met. The malware used in the attack was spread in a wave of 5,986 phishing attacks, sent in e-mails to 3,571 KHNP employees. And the first release of data included personal information on 10,799 KHNP employees.)”
According to all that, The Malware that North Korean hakcers use was same thing as the so called ‘Kimsuky’ malware. That was also same Malware used in the Sony attack. Its language was formed by Korean language.
In addition to that, one of South Korea’s news agency reports that KHNP finds 7,000 viruses but gets a message from an attacker saying that there are 9,000 more viruses waiting his order. The attackers also claim to have data about South Korea’s indigenous nuclear power reactor program and are threatening to sell it.
Many countries from Northern Europe, Southeast Asia and South America are trying to buy nuclear reactor information. It will make President Park’s power weaken.
“In addition to identifying the malware used in the attack, the South Korean government’s investigation traced Internet traffic related to the attack back to addresses for a network in northeast China near the North Korean border. The government had earlier requested Assistance from the Chinese Government in identifying the source of the attack”.