Tag: cyber warfare

Picture of the Day: South Korea Enters NATO’s Cyber Defense Group

Marking S. Korea’s entry into NATO cyber defense group
This photo, provided by the North Atlantic Treaty Organization (NATO) Cooperative Cyber Defense Center of Excellence (CCDCOE), shows a ceremony hoisting the South Korean national flag at the center in Tallinn, Estonia, on May 5, 2022, on the occasion of South Korea’s entry into the cyber defense group as a regular member the same day. (PHOTO NOT FOR SALE) (Yonhap)

North Koreans Steal OPLAN Because Someone Left an Unclassified Computer Plugged Into Its Secret Network

Here is how the North Koreans were able to get access to OPLAN 5015:

A South Korean lawmaker recently disclosed that hackers suspected to be North Korean gained access to Seoul’s highly secured military intranet in September 2016 and made off with the US and South Korea’s secret war plans.

“It’s a ridiculous mistake,” the lawmaker, Rhee Cheol-hee, told The Wall Street Journal.

North Korean personnel reportedly attacked a South Korean cybersecurity firm and embedded themselves in the software. South Korea’s military used the software on its military computers, but the North Koreans still shouldn’t have been able to get in because Seoul keeps its internet, or outwardly connected network, separate from its intranet, or private network.

But it took only one computer plugged into both the internet and the intranet for the North Koreans to break in, The Journal reported.

“They should have removed the connector jack immediately after maintenance work,” Rhee said.

As a result, North Korea reportedly got ahold of Operation Plan 5015, the US and South Korea’s secret war plan to kill the North Korean leader Kim Jong Un.  [Business Insider]

Maybe someone with IT experience can tell me why an unclassified networked computer needs to be plugged into a classified network for maintenance reasons?

South Korea Accuses North Korea of Hacking Into Cyber Command Server

North Korea’s cyber warfare teams apparently have hacked into South Korea’s cyber command:

North Korea appears to have hacked South Korea’s cyber command in what could be the latest cyberattack against Seoul, the military here said Tuesday.

“It seems the intranet server of the cyber command has been contaminated with malware. We found that some military documents, including confidential information, have been hacked,” an official at the Ministry of National Defense told Yonhap News Agency. He said that authorities suspect North Korea is behind the latest online infiltrations.

The cyber command said it isolated the affected server from the whole network to avoid the spread of viruses. But it has yet to fully determine what data were leaked.

It marked the first time that the data of South Korea’s cyber command has been compromised. South Korea set up the command in January 2010 as part of its efforts to counter external hacking attempts on the country’s military.  [Yonhap]

You can read the rest at the link, but the article says that classified information may have been stolen.

US Tried to Launch Stuxnet Attack Against North Korea and Failed

This report is not really surprising because infecting North Korea’s nuclear program with a Stuxnet-like virus would be far more challenging than infecting Iran’s. Reportedly the US and Israel were able to infect the Iranians’ nuclear program with the virus despite it being on a closed intranet. They did this by infecting the USB thumb drive of a worker, who then plugged it into a computer within the intranet. With Iran being a more open society, it would be easier to place intelligence assets within the country to pull off such an attack. In North Korea it would be much more difficult due to the closed nature of their society, where most people are not even free to move about the country without an official permit, much less get close enough to a nuclear facility to identify ways to infect their systems:

The United States tried to deploy a version of the Stuxnet computer virus to attack North Korea’s nuclear weapons program five years ago but ultimately failed, according to people familiar with the covert campaign.

The operation began in tandem with the now-famous Stuxnet attack that sabotaged Iran’s nuclear program in 2009 and 2010 by destroying a thousand or more centrifuges that were enriching uranium. Reuters and others have reported that the Iran attack was a joint effort by U.S. and Israeli forces.

According to one U.S. intelligence source, Stuxnet’s developers produced a related virus that would be activated when it encountered Korean-language settings on an infected machine.

But U.S. agents could not access the core machines that ran Pyongyang’s nuclear weapons program, said another source, a former high-ranking intelligence official who was briefed on the program.

The official said the National Security Agency-led campaign was stymied by North Korea’s utter secrecy, as well as the extreme isolation of its communications systems. A third source, also previously with U.S. intelligence, said he had heard about the failed cyber attack but did not know details.

North Korea has some of the most isolated communications networks in the world. Just owning a computer requires police permission, and the open Internet is unknown except to a tiny elite. The country has one main conduit for Internet connections to the outside world, through China.  [Reuters via a reader tip]

You can read more at the link, but I am sure the North Koreans are smart enough to not be using USB thumb drives, thus meaning their systems are likely only vulnerable to an insider attack.