North Korean hackers breach South Korean submarine builder (again)
Catalin Cimpanu June 21, 2021

  • Incident targeted DSME, the country's only submarine builder.
  • Report says hackers are from North Korea, but Seoul denies it.
  • DSME submarine files were also stolen in a massive hacking operation between 2014 and 2016.

North Korean hackers are believed to have breached South Korea’s top submarine builder for the second time in the past decade, South Korean news outlet JoongAng reported on Sunday.

The breach took place last year, and some data was taken in the attack, according to government sources who spoke with reporters.

The target of the attack was Daewoo Shipbuilding & Marine Engineering (DSME), one of the country’s three primary shipbuilding companies—together with Hyundai and Samsung—and the only submarine builder.

Sources said that some of the stolen files included plans for a nuclear-powered submarine that DSME and the South Korean Navy had been working on for the past few years.

The South Korean Defense Acquisition Program Administration (DAPA) confirmed the recent DSME security breach but denied the JoongAng report that pinned the intrusion on North Korean hackers, saying that an investigation is still underway.

South Korea’s submarine plans also hacked in 2014-2016

This marks the second time that North Korean hackers are suspected of stealing submarine-related files from DSME.

The first incident took place between July 2014 and March 2016, when hackers breached two South Korean telecom companies and pivoted to 160 companies that used their servers.

In what is considered one of the worst hacks in South Korea’s history, the hackers are believed to have gained access to South Korea’s war plans, designs of F-15 engines and electronic systems, and secret files related to submarines DSME was building at the time.

Submarine tech is often targeted in cyber-espionage operations

Cyber-espionage operations targeting military technologies have become a common occurrence over the past decade, and submarine builders have often been targeted.

The most active have been Chinese cyber-espionage groups, which targeted an Indian submarine builder in 2012, a US Navy contractor in 2018, and a Russian submarine designer earlier this year.

In 2015, when Australia was considering bids for building its next-gen submarine model, officials said that the three companies they were considering were targeted by both Chinese and Russian hacking groups seeking to get their hands on its upcoming submarine design.

The most recent DSME breach came to light two days after local reporters discovered that North Korean hackers had also breached the country’s nuclear research agency, KAERI. However, no connection is believed to exist between the two incidents.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.