North Korea Hacking War: Attack Planned To Target US Power Grid

North Korea had plans to direct a cyber attack against power grids in the United States and successfully launched an attack directed at South Korea’s Ministry of Defense, NBC News reported.

Word of the isolated nation’s intentions to infiltrate electrical systems in the U.S., which comes as tensions between the nations continue to rise, came courtesy of a report from cybersecurity firm FireEye. The information was provided by the company to private clients and obtained by NBC News.

The attack directed at American power grids took the form of spear phishing attacks—a specialized attack designed to target a specific individual or organization in an attempt to compromise a machine or steal valuable information including login credentials.

Despite the best efforts of the state-sponsored hackers, the phishing attacks failed. According to the report, it is believed that North Korea was unable to gain access to any of the targeted electric utilities in the U.S.

Michael Daly, the chief technology officer for cybersecurity and special missions at cybersecurity firm Raytheon, told International Business Times the attack “isn't the first, and it's certainly not going to be the last” to be launched against power grids and other fundamental infrastructure.

“In fact, critical infrastructure networks are now the terrain over which nation states are playing out their political and military battles. This year we have seen this in Ukraine and the Middle east and across Europe,” he noted.

“There are many reasons to target smart grids. Nation-states can learn a lot by watching power usage. Or they can lay in wait having an impact on any entity attached to the grid. As we look at ways to protect our critical infrastructure we should look at segmented architectures that still allow data to flow but minimize risk and exposure to our most important data and systems,” Daly said.

While the campaign may have failed, the attempts of North Korean hackers to target utility companies presents a growing risk for American companies that are responsible for keeping the lights on for millions of homes across the country.

Many power grids operate on a network separate from the public internet, insulating the systems that control the grid from attackers. But data that relies commands from the grid to remote equipment—known as supervisory control and data acquisition (SCADA) data—often travels across the public internet and could be at risk.

Additionally, individuals who work at utility companies could be targeted directly, as appeared to be the case in the spear phishing attack. Often all it takes is one user account to be compromised for an attacker to gain access to a system. From there, the attacker could manipulate the permissions allowed to the compromised user or attempt to escalate their access.

While power grid operators appeared to withstand the first stage of the North Korean attack, a campaign launched by hackers in the solitary nation against its neighbors in South Korea was reportedly more successful.

North Korean hackers were able to successfully infiltrate South Korea’s defense ministry and stole a large collection of military documents that purport to detail wartime contingency plans developed by South Korea and the U.S.

A total of 235 gigabytes of military documents were reported to be stolen from South Korea’s Defense Integrated Data Centre in a breach that took place in September 2016, and 80 percent of those stolen files have yet to be identified.