North Korean hackers steal F-15 design

Photo credit: GongTo /

North Korean hackers have stolen a trove of documents from South Korean defense firms, including wing designs for the U.S. F-15 fighter jet, authorities in Seoul said on June 13, according to news reports.

The hackers stole over 40,000 documents from South Korean defense firms in a campaign that began in 2014 but was only discovered this year, the Wall Street Journal and Reuters reported. The hacking campaign targeted over 140,000 computers at 160 South Korean firms and government agencies, Reuters reported.

Boeing makes the F-15, which is flown by the South Korean military.

The alleged cyberattack on South Korean firms is the latest in a series of bold cyber maneuvers linked to North Korea. The reclusive dictatorship in Pyongyang has allegedly used cyberspace to try to claw back money and influence from an international system from which it is increasingly isolated.

News reports quoted South Korean police as saying the detected intrusions were preparation for a much larger cyberattack on South Korean assets.

"The North has, time and again, proved its willingness to trample on the norms of state behavior and this latest alleged attack in cyberspace is in keeping with that pattern," Rep. Jim Langevin (D-R.I) said in a statement to FCW. "If, as has been reported, the DPRK was planning on launching a cyber attack from these compromised computers, the community of nations must respond forcefully."

Security firm Symantec has linked the hackers who stole $81 million from a bank in Bangladesh in February to the 2014 hack of Sony Pictures Entertainment. The Obama administration blamed North Korea for the late-2014 Sony Picture hack and leveled sanctions on North Korea officials in retaliation. 

North Korea is "capable of conducting damaging and disruptive cyberattacks during peacetime," according to a December 2015 report from the Center for Strategic and International Studies. In wartime, the North Korean regime would shift to targeting the command and control networks of the South Korean and American militaries, the report predicted.

Tony Cole, global government CTO at FireEye Inc., said cyberattacks on South Korean infrastructure have tended to be just sophisticated enough to achieve their intent.

"If you're an attacker and don't have to expose your best tools and processes to compromise an enterprise, why wouldn't you save them for future targets that may be harder to crack?" Cole told FCW.

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.