Korea Hydro and Nuclear Power Co. commercial network

Overview
In December 2014, hackers infiltrated and stole data from the commercial network of Korea Hydro and Nuclear Power Co., which operates 23 of South Korea’s nuclear reactors (Cho, 2014). The hackers gained access by sending phishing emails to the owner-operator’s employees, some of whom clicked on links in the emails and downloaded malware. The hackers obtained the blueprints and manuals of two reactors, most likely belonging to the Gori and Wolseong nuclear power plants, as well as electricity flow charts, personal data belonging to some 10,000 of the company’s employees, and radiation exposure estimates for inhabitants in the surrounding area. The data were leaked over Twitter from an account purported to belong to the head of an anti-nuclear group in Hawaii; the hackers also warned Korea Hydro and Nuclear Power Co. to shut down three reactors or face ‘destruction’. The owner-operator ignored the ultimatum, which turned out to be an empty threat.

Further blueprints and test data were leaked over Twitter in March 2015, with the hackers demanding money in order not to release more data and intimating that other countries had expressed interest in purchasing the data. Rather than responding, South Korea issued a statement officially blaming North Korea for the attack, citing as evidence that IP addresses used in the phishing attacks were linked to the regime; North Korea has strenuously denied the accusations.

The incident illustrates the rise in extortion in the nuclear industry. Those interviewed for the project have reported that such incidents, while not often publicly known, are relatively frequent.