North Korea hacked into more than 140,000 computers at 160 South Korean firms and government agencies, planting malicious code under a long-term plan laying groundwork for a massive cyber attack against its rival, police in the South said on Monday.
South Korea has been on heightened alert against cyber attacks by the North after Pyongyang conducted a nuclear test in January and a long-range rocket launch in February that led to new U.N. sanctions.
The North has always denied wrongdoing.
The hacking began in 2014 and was detected in February, after North Korea managed to steal information from two conglomerates including defense-related material, South Korea’s police cyber investigation unit said.
“There is a high possibility that the North aimed to cause confusion on a national scale by launching a simultaneous attack after securing many targets of cyber terror, or intended to continuously steal industrial and military secrets,” it said.
The hackers took no action after gaining control of servers and computers at some corporate groups and waited, as they continued to hack into more targets in what police said was likely an effort to build the scale of a planned attack.
Reclusive North Korea and the rich, democratic South are technically still at war because their 1950-53 conflict ended in an armistice, not a peace treaty. The North regularly threatens to destroy the South and its main ally, the United States.
In March, the South’s spy agency said it had intercepted an attempt to hack into South Korean computer networks to attack the transport system’s control network, blaming the North for the attempt.
“F-15 FIGHTER JET WINGS BLUEPRINT”
The United States accused North Korea of a cyber attack against Sony Pictures in 2014 that led to the studio cancelling the release of a comedy based on the fictional assassination of leader Kim Jong Un. North Korea denied the accusation.
In the most recent case, documents stolen from the two conglomerates included blueprints for the wings of F-15 fighter jets, an official at the cyber investigation unit told Reuters by telephone.
Of the more than 42,000 materials stolen, more than 40,000 were defense-related.
South Korean media said the two conglomerates were the SK and Hanjin groups, but police declined to confirm that.
A spokesman at SK Holdings said four group affiliates were affected by the hacking but they worked with the police to quickly close the breach and the leaked documents were not classified.
A spokesman at Korean Air Lines, part of Hanjin Group, said the documents leaked from its network were not classified and no other group affiliates were affected.
A Defense Ministry official said none of the defense-related materials stolen was secret and there was no security breach.
The hacking originated from an IP address traced to the North Korean capital and targeted network management software that is widely used by private companies and government agencies, police said, declining to identify the software.
The IP address was identical to one used in a 2013 cyber attack against South Korean banks and broadcasters that froze computer systems for more than a week. South Korea blamed the North for that attack, and the North denied responsibility.
Police said they worked with the affected companies and agencies to neutralize the malicious codes and prevent them from being used in a large-scale cyber attack.
(Additioal reporting by Jee Heun Kahng, Ju-min Park and Hyunjoo Jin; Editing by Tony Munroe and Nick Macfie)