• Updated 2021.7.22 17:32
  • All Articles
  • member icon
  • facebook cursor
  • twitter cursor
Military secrets to financial scams: How North Korea's hacks on the South have evolved
폰트키우기 폰트줄이기 프린트하기 메일보내기 신고하기
승인 2017.10.13  14:02:24
페이스북 트위터

The scale of hacks by North Korea on the South Korean military computer network last year has recently been revealed by South Korea lawmaker Rhee Cheol-hee.

The 235 gigabytes of documents contained "OPLAN 5015," which are thought to be classified plans to be used in case of a war against the North. They supposedly even contained a plan to assassinate the North Korean Leader Kim Jong-un.

The documents were accessed in September last year, although, North Korea have never actually admitted to the attack instead denying their involvement in it.

However, this attack was by no means the first cyber attack that South Korea has suffered, supposedly, at the hands of the North. Here is a look at some of the most famous attacks Korea has suffered over the years.

1) Denial-of-service (DDoS) Attack in 2009.

North Korean hacking first hit the spotlight in 2009 when a serious of DDoS attacks hit South Korea and the United States. These attacks hit various government, media, and financial websites in both countries

Starting on July 7, 2009, websites hit in South Korea included the Presidential Blue House Website, The National Intelligence Service, the Ministry of Foreign Affairs and Trade and also popular private companies such as web portal Naver and bank Nong Hyup, and more.

On July 9, another wave of attacks hit banks, the National Intelligence Service, and also websites in the U.S.

While none of these attacks had a financial demand, Korea is estimated to have suffered around 54.4 billion won worth of damage and some it also suffered a loss in its reputation as an internet powerhouse.

2) March and June attacks in 2013.

On March 20, 2013, the websites of media outlets such as KBS, MBC, YTN, and also banks such as Shinhan Bank, and Nonghyup were hit by hacks. This completely paralyzed some of the websites and even led to a short suspension in internet banking and ATM services.

On June 25 of the same year, Government agencies were once again hit and, perhaps most embarrassingly, comments were left on the Korea government websites praising North Korean leader Kim Jong Un.

3) More cyber terrorism and sensitive nuclear plans accessed in 2014.

While previous attacks had seemingly just been aiming to shut down websites and cause disruption, attacks in December 2014 hit the Korea Hydro & Nuclear Power (KHNP)'s internal network, giving the hackers access to power plant design charts, radioactivity exposure figures of nearby residents, and even personal information of employers.

After the attacks, files were posted before demands for money were made on Twitter where the account holder claimed that other countries had offered to pay for the data related to nuclear power plants.

The attacks were made when the attackers sent 5,986 phishing emails containing malicious code to 3,571 people working at the KHNP.

While after a short investigation and analysis of the IP address used in the hacking Korea blamed the attacks on North Korea although, they also said that none of the documents contained sensitive information that could be used to harm Korea.

However, like in the previous attacks, North Korea denied all involvement.

4) Sensitive military documents accessed.

In September 2016 North Korea attacked the Defense Integrated Data Center (DIDC) and supposedly accessed a significant amount of sensitive data.

At the time of the attack, it was revealed that OPLAN 5027, a classified plan for what to do in the event of war after a first strike by North Korea.

However, it has recently come to light that the hackers also most likely hacked OPLAN 5015, a more up-to-date set of plans that supposedly included plans for the assassination of Kim Jong Un.

During the attacks, malicious code was suspected to have hit more than 2,500 PCs including that of then Minister of National Defense Han Min-gu.

5) A move into financial hacking.

While earlier attacks by North Korea seemed to focus on disruption and then gaining military secrets, recently there seems to have been a move towards hacking for financial gain .

This includes a set of attacks that gained financial data from an ATM server. The hacker, with links to the North, supposedly made around 126.6 million won by selling these details to people who bought them to make clone cards or take out online loans.

[Related Stories]

Duncan Elder의 다른기사 보기  
ⓒ Jeju Weekly 2009 (
All materials on this site are protected under the Korean Copyright Law and may not be reproduced, distributed, transmitted, displayed, published without the prior consent of Jeju Weekly.
폰트키우기 폰트줄이기 프린트하기 메일보내기 신고하기
페이스북 트위터
60 Second Travel
Jeju-Asia's No.1 for Cruise

Jeju Weekly

Mail to  |  Phone: +82-64-724-7776 Fax: +82-64-724-7796
#505 jeju Venture Maru Bldg,217 Jungangro(Ido-2 dong), Jeju-si, Korea, 690-827
Registration Number: Jeju Da 01093  |  Date of Registration: November 20, 2008  |  Publisher: Hee Tak Ko  | Youth policy: Hee Tak Ko
Copyright 2009 All materials on this site are protected under the Korean Copyright Law and may not be reproduced, distributed, transmitted, displayed, published
without the prior consent of jeju