South Korea nuclear power plant is hacked, virus is discovered from internal system

On 21 December 2014Korea Hydroelectric Nuclear Power Co., Ltd.(KHNP) has been hacked, internal documents such as drawings of nuclear power plants are being uploaded on Twitter, from a hacker who calls "anti-protest"Requested nuclear power outage after ChristmasThere was a case that it was done, but the action taken on this case has been reported in Reuters.

Low-risk 'worm' removed at hacked South Korea nuclear operator | Reuters
http://www.reuters.com/article/2014/12/30/us-nuclear-southkorea-cybersecurity-idUSKBN0K80J620141230


According to the Korean authorities' announcement, when Korea Hydroelectric Nuclear Power (KHNP) was hacked and investigated the case that internal documents leaked, it was relatively harmless from the devices connected to the control systemwormWas discovered. However, the worm program was not infected by a hacker, and no harmful virus that threatened the danger to the reactor control system was found. The worm has already been deleted, and the infection route is seen as an unauthorized USB device by an employee.

Documents that leaked by hacking are only data of low importance, the Ministry of Energy and the nuclear plant manager announced that "We are confirmed that data on the control system can not be accessed from outside". South Korea's nuclear power generation accounted for by nuclear power generation by one-third of electricity generated domestically is the fifth in the world, but Korea's conservative party against security of nuclear powerSeenuri partyMr. Lee Jong-hyun criticizes as "question remains in the safety of the control system."

KHNP is increasing the special staff of cyber security, and we plan to set up a security monitoring committee by security experts gathered from inside and outside. Although it is said that hacking continued even after hacker specified the nuclear power plant stop, there was no attack of area concerning important operation. KHNP's CEO Cho Cho said "security of 23 nuclear reactor control systems in Korea is not totally destroyed by harmful code", he emphasized safety.


According to the investigation by the prosecutor of Korea, the IP address of the criminal is ChineseShenyangIt is proved to be, but the identity of the criminal has not been found out. Although the prosecution suggests the possibility that North Korea is involved in this hacking attack,North Korea denies involvementdoing.