South Korean lawmaker says North Korea stole secret documents with war plans

North Korean hackers may have stolen a large cache of classified military documents, including the latest South Korea-U.S. wartime operational plan, a South Korean ruling party lawmaker said Tuesday.

Classified material includes plans to eliminate North Korean leader Kim Jong-un if a crisis breaks out

A FireEye information analyst works in front of a screen showing a near real-time map tracking cyberthreats at the FireEye office in Milpitas, Calif., in late 2014. FireEye said recent cyberattack attempts by North Korea were likely aimed at creating a means of "deterring potential war or sowing disorder during a time of armed conflict." (Beck Diefenbach/Reuters)

North Korean hackers stole a large amount of classified military documents, including South Korea-U.S. wartime operational plans to wipe out the North Korean leadership, a South Korean ruling party lawmaker said on Wednesday.

Democratic Party representative Rhee Cheol-hee said in radio appearances on Wednesday that 235 gigabytes of military documents were taken from the Defence Integrated Data Center in September last year, citing information from unnamed South Korean defence officials.

An investigative team inside the defence ministry announced in May the hack had been carried out by North Korea, but did not disclose what kind of information had been taken.

Pyongyang has denied responsibility for the cyberattacks in its state media, criticizing Seoul for "fabricating" claims about online attacks.

Phishing U.S. electric companies

Separately on Wednesday, cybersecurity firm FireEye said in a statement North Korea-affiliated agents were detected attempting to phish U.S. electric companies via emails sent in mid-September, although these attempts did not lead to a disruption in the power supply.

It did not specify when the attempts had been detected or clarify which companies had been affected.

North Korean leader Kim Jong-un is shown last year. Pyongyang has denied responsibility for cyberattacks on South Korea, criticizing Seoul for "fabricating" claims. (Damir Sagolj/Reuters)

Rhee, currently a member of the National Assembly's committee for national defence, said about 80 per cent of the hacked data has not yet been identified, but that none of the information was expected to have compromised the South Korean military as it was not top classified intelligence.

Some of the hacked data addressed how to identify movements of members of the North Korean leadership, how to seal off their hiding locations, attack from the air before eliminating them, the lawmaker had said.

'A simple mistake'

These plans had likely not been classified properly but defence ministry officials told Rhee the hacked documents were not of top importance, he said.

Rhee said on Wednesday the hack had been made possible via "a simple mistake" after a connector jack linking the military's intranet to the internet had not been eliminated after maintenance work had been done on the system.

North Korean leader Kim Jong-un inspects a ballistic rocket in this undated photo released by North Korea's Korean Central News Agency earlier this year. Classified documents allegedly stolen from South Korea were said to outline plans by Seoul and Washington to eliminate Kim if a crisis breaks out or appears imminent. (Korean Central News Agency via Reuters)

The South Korean Defence Ministry's official stance is that they can not confirm anything the lawmaker said in terms of the hacked content due to the sensitivity of the matter.

In Washington, the Pentagon said it was aware of the media reports but would not comment on the potential breach.

"Although I will not comment on intelligence matters or specific incidents related to cyber intrusion, I can assure you that we are confident in the security of our operations plans and our ability to deal with any threat from North Korea," Pentagon spokesperson Col. Robert Manning told reporters.

'Sowing disorder'

FireEye said the phishing attack on the electric companies detected was "early-stage reconnaissance" and did not indicate North Korea was about to stage an "imminent, disruptive" cyberattack.

The North has been suspected of carrying out similar cyberattacks on South Korean electric utilities, in addition to other government and financial institutions.

Dotard. Rocket man. Fire and fury. With two unconventional leaders hurling threats and insults amid talk of the unthinkable, we untangle myth from reality. 25:54

Those attempts were likely aimed at creating a means of "deterring potential war or sowing disorder during a time of armed conflict", FireEye said.

"North Korea linked hackers are among the most prolific nation-state threats, targeting not only the U.S. and South Korea but the global financial system and nations worldwide," its statement said.

"Their motivations vary from economic enrichment to traditional espionage to sabotage, but all share the hallmark of an ascendant cyber power willing to violate international norms with little regard for potential blowback," it said.