North Korea likely behind hack targeting South Korean Nuclear Submarine

Mathew Ha

The South Korean Defense Acquisition Program Adminis-tration (DAPA) stated on Sunday that hackers infiltrated Daewoo Shipbui-lding and Marine Engin-eering, seeking to steal d-ocuments regarding naval vessels and submarines, a breach ROK officials attr-ibuted to North Korea. If true, this incident underscores Pyongyang’s continued exploitation of cyber espionage both to bolster its own military capabilities and to study South Korea’s latest military advances.
According to DAPA, the hackers targeted files concerning “long-running conceptual research into the development of nuclear-powered submarines that was conducted by Daewoo Shipbuilding.” Since as early as 1994, Seoul has been interested in acquiring or indigenously developing a nuclear-powered attack submarine. Pyongyang stated in January that it is developing its own nuclear-powered submarine.
Ha Tae-keung, an opposition member of the South Korean National Assembly, said early evidence suggests that Kimsuky, a North Korean-sponsored hacker group, perpetrated the Daewoo breach. He noted that the hackers used internet protocol addresses similar to those associated with a prior Kimsuky cyber espionage operation targeting the Korea Atomic Energy Research Institute (KAERI) in May. KAERI has also been involved in Seoul’s nuclear submarine effort by studying potential designs for submarine reactors in the 1990s.
While the attribution to Kimsuky remains unconfirmed, the hackers’ moti-ves correlate with the gro-up’s alleged purpose. The US Cybersecurity and Inf-rastructure Security Agency has reported that Kimsuky conducts “global intelligence collection activities on foreign policy and nat-ional security issues related to the Korean Peninsula, nuclear policy, and sanctions.” Kimsuky has targeted foreign policy experts in US, Japanese, and South Korean government and military agencies. Issue Makers Lab, a South Korean cybersecurity company, added that Kimsuky has attacked South Korean defense firms Hanhwa, PoongSan, and S&T, seeking information on military vehicles and artillery ammunition.
The Daewoo hack can benefit the regime of North Korean dictator Kim Jong Un in two ways. First, in line with Pyongyang’s announced goal of building its own nuclear-powered submarine, North Korean weapons developers could simply copy the stolen designs to construct their own submarines. Second, North Korea’s military planners could study the stolen information to discover vulnerabilities within the new South Korean weapons systems. Such objectives are consistent with Pyongyang’s asymmetric warfare strategy, which seeks to augment North Korean military power by exploiting its adversaries’ weaknesses.
North Korea will likely continue similar cyber espionage operations targeting private and public entities involved in South Korean military development, including ballistic missile development. Last month, the United States and South Korea terminated the Revised Missile Guidelines, which previously prevented Seoul from developing ballistic missiles with a firing range of greater than 800 kilometers.
North Korea lambasted Seoul for this decision, saying the move serves as a “reminder of the US hostile policy toward the DPRK.” Hence, Pyongyang’s cyber units may now target the firms and agencies involved in the development of longer-range South Korean missiles.
Going forward, South Korea and the United States should prepare for future cyberattacks by strengthening the defenses of potential targets. This will require patching computer networks to address existing software vulnerabilities that could allow hackers to gain illicit access.
Additionally, both governments should encourage defense firms and agencies to ensure their personnel are trained to handle cybersecurity threats such as spear-phishing emails and other social engineering schemes that hackers routinely employ to deceive targets. It is imperative that Washington and Seoul anticipate and stay ahead of these cyber threats. Leaving these dangers unaddressed will provide Pyongyang with an easy opening to advance its military ambitions at the expense of the United States and South Korea.