Justice Minister Hwang Kyo-ahn said Wednesday that North Korea may be responsible for breaches of online security at the Korea Hydro and Nuclear Power (KHNP).
"We aren't ruling out the possibility that North Korea was behind the latest hacking attack. There are a lot of technical problems to find who did this; however, we are closely collaborating with the relevant authorities to confirm the culprit's identity," Hwang said during a session of the National Assembly.
"Prosecutors and the authorities believe the hackers used foreign sites, although the investigation is still underway," the minister said.
The remarks come a few hours after prosecutors said the authorities had traced the hackers responsible for the breaches of online security to China.
"An IP address of a suspected hacker was traced to the Chinese city of Shenyang. Shenyang is home to cyber experts dispatched by North Korean authorities," a senior official at the Supreme Prosecutors' Office told The Korea Times by telephone.
"The culprit's identity has not been confirmed. We are closely cooperating with authorities in China and the FBI. It's too early to confirm that North Korea was responsible for the latest hacking; however, there is a strong possibility that Pyongyang was behind the attack," he said.
The official said the IP address was acquired with the help of three virtual private network (VPN) operators. "The IP address was traced to China through the United States, Japan and Korea."
VPN is a technology allowing users to connect to any website anytime they have Internet access. All data sent through a VPN is encrypted, meaning that users' information is protected from hackers.
Citing similar patterns in a series of cyber attacks on local banks and broadcasters in 2013, cyber security experts said North Korea may be responsible for the hacking.
"Hackers attacked nuclear plants by adopting two-way channels," Prof. Lee Kyung-ho of Korea University said.
A leak of data including blueprints of nuclear reactors and KHNP-developed security codes for nuclear plants was posted on Naver and Nate with links to them on Twitter.
The hackers demanded the three reactors be closed for three months from Christmas. A second round of attacks will happen according to the situation, they said.
"All 23 KHNP-operated nuclear reactors are currently being monitored on a real-time basis. If any problems happen, then the reactors will automatically be shut down according to the safety manuals," a spokesman at the company said.
"Even if three reactors ― Gori 1, 3 and Wolsung 2 ― stopped generating power, the amount of back-up electricity is enough to meet demand without a power outage," he added.
Suh Kune-yull, a professor of nuclear engineering at Seoul National University, said, "This shows it is impossible to say with confidence that anyone intending to infiltrate the system can be blocked completely."
"The compromising of nuclear reactors safety pretty clearly means there is a gaping hole in national security," he added.