14 DAY TRIAL // The South Korean government is being threatened by an individual with the release of sensitive information on the country’s power plants unless monetary demands are met.
In December 2014, the Korea Hydro and Nuclear Power (KHNP) fell victim to a cyber-attack from a group operating under the name “Who am I = No nuclear power,” who since then posted technical documentation and employee information of over 10,000.
Additional data revealed by the hackers included the user manual for version 5 of the general purpose Monte Carlo N–Particle computer code (MCNP5), which is used for particle (neutron, photon, electron) transport in a nuclear reactor core; the document is publicly available without any restrictions.
Attackers are based in South Korea
The new cache of files, the sixth one so far, related to the advanced power reactor (APR) 1400 at Kori nuclear power plant and system plans; it was posted on Twitter from an account under the name of the of an anti-nuclear group in Hawaii, Yonhap news agency reports.
KHNP admitted to the attack in December and said that it did not impact the safety of the power plant due to analog protection systems that could terminate the activity of the reactor in a safe manner.
The hacker outfit claimed to be based in Hawaii, but an investigation into the incident in December revealed that the attackers are actually operating from South Korea.
Demand may amount to hundreds of millions of dollars
According to the news outlet, the message said, “Need money. Only need to meet some demands. Many countries from Northern Europe, Southeast Asia and South America are saying they will buy nuclear reactor information. Fear selling the entire information will undermine President Park's efforts to export nuclear reactors.”
The hacker did not disclose the amount of the ransom but cautioned the South Korean government that by trying to save a few hundred million dollars it runs the risk of losing a lot more.
KHNP says that the latest information leaked by the hackers does not include any classified data and that it may have been obtained early last year, before the internal server was fully isolated as a part of hardened security measures.