SIM Report: Northeast Asia, Issue 3

NORTH KOREA & INDIA: NUCLEAR PLANT HACK INDICATES EVOLVING CYBER THREATS

Research published on 12 November by Issue Maker Lab, a Seoul-based and government-linked group of cybersecurity experts, indicated that North Korea was behind a confirmed cyberattack on India’s Kudankulam nuclear power plant in the southern state of Tamil Nadu. The revelation comes after state-owned Nuclear Power Corporation of India Limited on 30 October confirmed that it had located the DTrack malware in the plant’s system but denied that crucial data had been compromised. The research reaffirms suspicions, voiced by cyber experts after the hack, that it was likely carried out by the North Korea-linked Lazarus Group.

DTrack malware also featured in a 2016 hack on transaction device operator Hitachi Payment Services that exfiltrated millions of Indian users’ financial data. It also demonstrated similarities to a 2016 cyberattack on South Korea’s ministry of national defence, as well as a 2013 Lazarus Group-attributed espionage campaign on South Korean banks and media companies. The hackers embedded the malware through a link sent to the personal and official email addresses of key researchers associated with the development of thorium-based nuclear power; the malware then spread through the plant’s IT networks.

The attack on the Kudankulam facility raises concerns over further potential attacks on critical national infrastructure facilities worldwide, and signals the increasing breadth and complexity of North Korea-linked cyberattacks. Indeed, a UN report in August revealed that North Korea had generated approximately USD2 billion through ‘increasingly sophisticated attacks’ targeting cryptocurrency exchanges and financial institutions since at least 2017 to finance weapons of mass destruction programmes. It also signals a growing trend of North Korean hackers targeting crucial nuclear operations; previous attacks on nuclear facilities linked to North Korean hackers include hacks on Korea Hydro and Nuclear Power (KHNP) in 2014 and Belgian nuclear research centre SCK•CEN in January 2019.

Though it could have been aimed at disrupting the plant’s operations, the hack was likely carried out to steal sensitive research on thorium-based reactors. India’s nuclear programme has very close links between military weapons and civil nuclear power projects. Any breach is thus a considerable national security threat. India is known for being at the forefront of the development of thorium-based reactors, due to its scarcity of uranium. Thorium does not produce the plutonium needed to create nuclear weapons and would thus make Pyongyang appear less threatening to the world. It is also less costly, and more environmentally friendly, efficient, and safe, than uranium. This technology could also be sold to other countries, especially those that have low amounts of uranium.

North Korea has ambitious nuclear plans, and there is a moderate likelihood that Pyongyang will announce a discontinuation of nuclear negotiations with the United States and the cementing of its status as a nuclear power at an upcoming Workers’ Party plenum in December. Negotiations have been significantly imperilled by the North Korean regime’s hostile response towards continued joint US-South Korea military operations. An official return to developing nuclear weapons would signal a resumption of North Korea’s policy of Byungjin, which means the simultaneous development of nuclear weapons and the economy. North Korea has become exponentially better at this type of asymmetric warfare, as it has served, and will continue to serve, as a useful, albeit illegal, means for financial and critical technological gain. For the long term, North Korea-linked cyberattacks are likely to remain a risk to businesses and other entities.
