Plan to ‘Decapitate’ North Korean Leadership Stolen, South Korean Lawmaker Says
North Korea’s leaders allegedly blew a gasket in 2014 over “The Interview,” a comedy film that centered on an assassination plot against North Korean leader Kim Jong-un. So how might the country have reacted to “decapitation strike” plans prepared by the United States and South Korea that North Korean hackers reportedly stole last year?
See Also: Effective Cyber Threat Hunting Requires an Actor and Incident Centric Approach
The plan was part of a massive cache of classified military documents, including the latest U.S.-South Korean operational plans for a full-scale war with North Korea, that a South Korean lawmaker says hackers stole last September, South Korea’s Yonhap new agency reports.
In May, South Korean defense ministers said they were investigating a hack attack, but did not offer further details.
On Tuesday, however, Lee Cheol-hee, a member of South Korea’s ruling party, issued a statement saying that North Korean hackers had exfiltrated 235 GB of information from his country’s Ministry of National Defense, and said that about 80 percent of the stolen information had yet to be identified, Yonhap reports.
North Korean officials have continued to deny all such reports, dismissing them as “fabrications.”
But Lee, who’s also known as Rhee Cheol-hee, says that hackers stole detailed plans – including “OPLAN 5015,” which is a plan for responding to an “all-out war with Pyongyang,” including detailed procedures that would “decapitate” the North Korean leadership, as well as “OPLAN 3100,” which is the South Korean government’s “plan to respond to the North’s localized provocations,” Yonhap reports.
U.S. and South Korean officials have reportedly continued to revise those plans as Pyongyang has continued to pursue nuclear tests and test-fired missiles over the Pacific Ocean.
Lee said the plans had been stolen after maintenance work resulted in a “a simple mistake” involving a connector jack being used to link the military’s intranet to the internet, thus providing outside access to restricted systems, South China Morning Post reports.
North Korean Hackers
North Korea has been previously tied to numerous hack attacks, in part via groups of expatriates located abroad, including in China (see U.S. Government Warns of North Korean Hacking).
Last month, security experts warned that Pyongyang was increasingly resorting to bitcoin exchange heists and cryptocurrency mining to evade sanctions and fund the regime.
In May, evidence emerged suggesting a connection between “Lazarus Group,” a team of hackers that have been tied to North Korea, and the WannaCry ransomware outbreak (see Is WannaCry the First Nation-State Ransomware?).
Earlier this year, the Justice Department reportedly began preparing charges against multiple Chinese middlemen on allegations that they helped North Korean hackers to steal $81 million from the central bank of Bangladesh in February 2016 (see Report: DOJ Sees Bangladesh Heist Tie to North Korea).
‘G.O.P.’ Hacked Sony
Meanwhile, Sony’s 2014 assassination comedy “The Interview” led to a group that called itself the Guardians of Peace – G.O.P. – claiming credit for hacking Sony Pictures Entertainment. But the FBI has said it has no doubt that Pyongyang was behind the attack.
“The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment,” the bureau told Information Security Media Group at the time. “There is no credible information to indicate that any other individual is responsible for this cyber incident.”
“The Interview” culminates in an epic confrontation between stars Seth Rogen and James Franco, respectively playing the presenter and producer of a popular, celebrity tabloid TV show called “Skylark,” fleeing in a stolen North Korean tank while they’re pursued by Kim Jong-un in a helicopter gunship.
Spoiler alert: The journalists accidentally blow “Dear Leader” out of the sky with a tank shell.
Real-world diplomatic efforts to unseat or disrupt Kim Jong-un appear to have met with less success. The country in July claimed its intercontinental ballistic missiles can now reach the United States. It also claims to have recently tested a miniaturized hydrogen bomb that could be fitted atop the ICBMs.
In September, U.S. President Donald Trump admonished Kim Jong-un, who he derided as a “rocket man” that was “on a suicide mission.”
In a rare response, the North Korean leader shot back, promising to “tame the mentally deranged U.S. dotard with fire.”