June 22, 2021 | Policy Brief

North Korea Likely Behind Hack Targeting South Korean Nuclear Submarine

The South Korean Defense Acquisition Program Administration (DAPA) stated on Sunday that hackers infiltrated Daewoo Shipbuilding and Marine Engineering, seeking to steal documents regarding naval vessels and submarines, a breach ROK officials attributed to North Korea. If true, this incident underscores Pyongyang’s continued exploitation of cyber espionage both to bolster its own military capabilities and to study South Korea’s latest military advances.

According to DAPA, the hackers targeted files concerning “long-running conceptual research into the development of nuclear-powered submarines that was conducted by Daewoo Shipbuilding.” Since as early as 1994, Seoul has been interested in acquiring or indigenously developing a nuclear-powered attack submarine. Pyongyang stated in January that it is developing its own nuclear-powered submarine.

Ha Tae-keung, an opposition member of the South Korean National Assembly, said early evidence suggests that Kimsuky, a North Korean-sponsored hacker group, perpetrated the Daewoo breach. He noted that the hackers used internet protocol addresses similar to those associated with a prior Kimsuky cyber espionage operation targeting the Korea Atomic Energy Research Institute (KAERI) in May. KAERI has also been involved in Seoul’s nuclear submarine effort by studying potential designs for submarine reactors in the 1990s.

While the attribution to Kimsuky remains unconfirmed, the hackers’ motives correlate with the group’s alleged purpose. The U.S. Cybersecurity and Infrastructure Security Agency has reported that Kimsuky conducts “global intelligence collection activities on foreign policy and national security issues related to the Korean Peninsula, nuclear policy, and sanctions.” Kimsuky has targeted foreign policy experts in U.S., Japanese, and South Korean government and military agencies. Issue Makers Lab, a South Korean cybersecurity company, added that Kimsuky has attacked South Korean defense firms Hanwha, Poongsan, and S&T, seeking information on military vehicles and artillery ammunition.

The Daewoo hack can benefit the regime of North Korean dictator Kim Jong Un in two ways. First, in line with Pyongyang’s announced goal of building its own nuclear-powered submarine, North Korean weapons developers could simply copy the stolen designs to construct their own submarines. Second, North Korea’s military planners could study the stolen information to discover vulnerabilities within the new South Korean weapons systems. Such objectives are consistent with Pyongyang’s asymmetric warfare strategy, which seeks to augment North Korean military power by exploiting its adversaries’ weaknesses.

North Korea will likely continue similar cyber espionage operations targeting private and public entities involved in South Korean military development, including ballistic missile development. Last month, the United States and South Korea terminated the Revised Missile Guidelines, which previously prevented Seoul from developing ballistic missiles with a firing range of greater than 800 kilometers. North Korea lambasted Seoul for this decision, saying the move serves as a “reminder of the U.S. hostile policy toward the DPRK.” Hence, Pyongyang’s cyber units may now target the firms and agencies involved in the development of longer-range South Korean missiles.

Going forward, South Korea and the United States should prepare for future cyberattacks by strengthening the defenses of potential targets. This will require patching computer networks to address existing software vulnerabilities that could allow hackers to gain illicit access. Additionally, both governments should encourage defense firms and agencies to ensure their personnel are trained to handle cybersecurity threats such as spear-phishing emails and other social engineering schemes that hackers routinely employ to deceive targets.

It is imperative that Washington and Seoul anticipate and stay ahead of these cyber threats. Leaving these dangers unaddressed will provide Pyongyang with an easy opening to advance its military ambitions at the expense of the United States and South Korea.

Mathew Ha is a research analyst focused on North Korea at the Foundation for Defense of Democracies (FDD), where he also contributes to FDD’s Center on Cyber and Technology Innovation (CCTI) and Center on Military and Political Power (CMPP). FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.

