South Korean lawmaker says North Korea stole secret documents with war plans

North Korean hackers stole a large amount of classified military documents, including South Korea-U.S. wartime operational plans to wipe out the North Korean leadership, a South Korean ruling party lawmaker said on Wednesday.

Democratic Party representative Rhee Cheol-hee said in radio appearances on Wednesday that 235 gigabytes of military documents were taken from the Defence Integrated Data Center in September last year, citing information from unnamed South Korean defence officials.

An investigative team inside the defence ministry announced in May the hack had been carried out by North Korea, but did not disclose what kind of information had been taken.

Pyongyang has denied responsibility for the cyberattacks in its state media, criticizing Seoul for "fabricating" claims about online attacks.

Phishing U.S. electric companies

Separately on Wednesday, cybersecurity firm FireEye said in a statement North Korea-affiliated agents were detected attempting to phish U.S. electric companies via emails sent in mid-September, although these attempts did not lead to a disruption in the power supply.

It did not specify when the attempts had been detected or clarify which companies had been affected.

Rhee, currently a member of the National Assembly's committee for national defence, said about 80 per cent of the hacked data has not yet been identified, but that none of the information was expected to have compromised the South Korean military as it was not top classified intelligence.

Some of the hacked data addressed how to identify movements of members of the North Korean leadership, how to seal off their hiding locations, attack from the air before eliminating them, the lawmaker had said.

'A simple mistake'

These plans had likely not been classified properly but defence ministry officials told Rhee the hacked documents were not of top importance, he said.

Rhee said on Wednesday the hack had been made possible via "a simple mistake" after a connector jack linking the military's intranet to the internet had not been eliminated after maintenance work had been done on the system.

The South Korean Defence Ministry's official stance is that they can not confirm anything the lawmaker said in terms of the hacked content due to the sensitivity of the matter.

In Washington, the Pentagon said it was aware of the media reports but would not comment on the potential breach.

"Although I will not comment on intelligence matters or specific incidents related to cyber intrusion, I can assure you that we are confident in the security of our operations plans and our ability to deal with any threat from North Korea," Pentagon spokesperson Col. Robert Manning told reporters.

'Sowing disorder'

FireEye said the phishing attack on the electric companies detected was "early-stage reconnaissance" and did not indicate North Korea was about to stage an "imminent, disruptive" cyberattack.

The North has been suspected of carrying out similar cyberattacks on South Korean electric utilities, in addition to other government and financial institutions.

Those attempts were likely aimed at creating a means of "deterring potential war or sowing disorder during a time of armed conflict", FireEye said.

"North Korea linked hackers are among the most prolific nation-state threats, targeting not only the U.S. and South Korea but the global financial system and nations worldwide," its statement said.

"Their motivations vary from economic enrichment to traditional espionage to sabotage, but all share the hallmark of an ascendant cyber power willing to violate international norms with little regard for potential blowback," it said.