Pyongyang’s Move to Compel Adversaries in Cyberspace

By Jenny Jun

Jenny Jun is a co-author of the 2015 Center for Strategic and International Studies report North Korea’s Cyber Operations: Strategy and Responses. She is a doctoral student at the Department of Political Science at Columbia University. Her current interests include the bargaining model of war, strategic dynamics of cyber conflict, and security issues in East Asia. She was formerly a cybersecurity consultant at Delta Risk, and served as president of Sejong Society.

In December 2014, while many were still preoccupied with the aftermath of the North Korean cyber attack on Sony Pictures Entertainment, South Korea was in a crisis of its own. An entity identifying itself as an “Anti-Nuclear Power Group” demanded that the country shut down three of its civilian nuclear reactors by Christmas Day, threatening to release 100,000 pages of sensitive documents and inflict “secondary destruction” if its demands were not met. It also demanded, rather vaguely, a payment of $10 billion. For a week after Dec. 15, the group gradually tension by releasing documents including the reactors’ blueprints, safety evaluations, and information regarding the power plant’s employees.

On Christmas Eve, South Korea’s government and the nuclear operator, Korea Hydro & Nuclear Power Co. (KHNP) conducted an emergency security check and went into lockdown. Media reported on the crisis around the clock. However, when the day came, no attack was attempted on the reactors, no additional documents were released, and no additional communication came from the group afterward. Months later, researchers attributed the attack to North Korea’s primary intelligence and covert operations agency, the Reconnaissance General Bureau. More interestingly, investigations revealed that the documents released were from compromised subcontractors, while the main malware deployed did not contain code for extracting data. The malware also only targeted KHNP headquarters, not the reactors. It was a well-staged bluff.

“The Cipher Brief has become the most popular outlet for former intelligence officers; no media outlet is even a close second to The Cipher Brief in terms of the number of articles published by formers.” —Sept. 2018, Studies in Intelligence, Vol. 62

Access all of The Cipher Brief’s national security-focused expert insight by becoming a Cipher Brief Subscriber+ Member.

Subscriber+

Categorized as:CyberTagged with:

Related Articles

Search

Close