S Korea seeks Chinese help over nuclear cyber-attack

A South Korean employee takes part in a simulated drill to ensure the safety of nuclear power plants under cyber-attacks at a training centre of the Wolseong Nuclear Power Plant in the south-eastern city of Gyeongju (22 December 2014) Image copyright AFP
Image caption South Korea says the hackers did not compromise safety at its nuclear plants

South Korea is seeking the help of China over a cyber-attack on its nuclear power network after the IP address of a suspected hacker was traced to a north-eastern Chinese city.

Seoul says multiple internet addresses used in the attacks stem from Shenyang city near the North Korean border.

China has not responded to the request but says it firmly opposes hacking.

It is not clear who is behind the leaks of data, which officials say did not undermine the safety of the reactors.

South Korea has not ruled out North Korean involvement in the attack. In the past it has blamed its northern neighbour for hacks on banks, government websites and broadcasters.

'No jurisdiction'

Image copyright AFP
Image caption Blueprints of nuclear reactors were leaked on social media
Image copyright Getty Images
Image caption South Korean nuclear workers have over the last few days held exercises to offset a cyber-attack

"An IP address of a suspected hacker was traced to the Chinese city of Shenyang. Shenyang is home to cyber experts dispatched by North Korean authorities," a senior official at the Supreme Prosecutors' Office told The Korea Times .

"The culprit's identity has not been confirmed. We are closely co-operating with authorities in China and the FBI. It's too early to confirm that North Korea was responsible for the latest hacking; however, there is a strong possibility that Pyongyang was behind the attack," he said.

South Korean officials emphasise that the location of the internet addresses used to target its facilities does not conclusively prove the source of the hack was either China or North Korea.

"When we have the co-operation of the Chinese... We will be asking for checks or maybe a search of the location of the IP addresses," an official quoted by Reuters said.

"As we're doing this, there is a possibility that the IP addresses in China are not the final source but used in a routing. It's possible [the network] in China was used [remotely] from some other location."

Last week, designs and manuals of plant equipment owned by Korea Hydro and Nuclear Power Co (KHNP) were put online by an unknown individual or group.

A threat was made that unless three reactors were closed by Christmas, people should "stay away" from them.

KHNP, the sole nuclear operator in Korea, is to conduct a series of large-scale drills at four nuclear power plant complexes.

It is not known if this cyber-attack is in any way related to an incident last month when Sony Pictures was hacked and unreleased films put online.

The US says North Korea was behind the attack. Pyongyang has denied this and has called for a joint investigation.

Days later, the communist country's internet was shut down for several hours.

More on this story