10139
Views

South Korea’s Shipbuilders Attacked by Hackers from North Korea Warns NIS

South Korean submarine
Previously, North Korean targeted DMSE after it completed the country's first ballistic submarine (DSME file photo)

Published Oct 4, 2023 2:36 PM by The Maritime Executive

South Korea’s National Intelligence Service issued a public alert today reporting that it has detected new cyber-attacks believed to be coming from North Korea targeting the country’s prominent shipbuilders. They reported intercepting multiple attacks and cautioned that additional attacks are expected. North Korea has repeatedly targeted the shipbuilding industry including reports in 2017 of an attack that breached sensitive data on Aegis Class destroyers.

According to today’s statement, multiple attacks were launched in August and September against the South Korean shipbuilders. In addition to using phishing emails containing malicious code sent to employees of the shipyards, the NIS reports that the attacks have been aimed at IT maintenance contractors as a means of bypassing security.

The National Intelligence Service said it believes the attacks are due to North Korea’s leader Kim Jong-un’s recent declaration that his country would “usher in a new era of shipbuilding.” During his first visit to a North Korean machine complex, Kim emphasized the need to expand North Korea’s shipbuilding industry and strengthen its naval forces. He issued instructions for the industry to build medium to large-size warships.

The alert says that relevant companies have been notified of the detected activity and are being urged to conduct security checks. Saying that it expects the efforts to continue, the NIS also reported that it would increase monitoring and provide additional support to the targeted sectors.

In November 2021, South Korean shipbuilder and defense contractor Daewoo Shipbuilding & Marine Engineering (DSME) confirmed that it was investigating a possible breach of its systems. It was believed to be the second incident detected on the company’s computer systems in five months and came shortly after DSME completed South Korea's first domestically-built ballistic submarine.

DSME was also the target of another attack in 2017. In that case, it was alleged that North Korean hackers were successful in obtaining approximately 40,000 pages including plans and several classified military documents. The documents were believed to contain information on construction technology, blueprints, weapons systems, and evaluations of the ships and submarines. DSME, which this year became Hanwha Ocean, continues to be one of the government’s largest contractors for advanced weapons systems.