{
	"id": "2b9bb12e-e68c-4d37-a402-1b95bcfa46bb",
	"created_at": "2026-04-06T00:13:55.846488Z",
	"updated_at": "2026-04-10T13:11:36.255153Z",
	"deleted_at": null,
	"sha1_hash": "37fed375c8864b3ea41281d67a6d780a5f1dc19b",
	"title": "South Korea claims North hacked nuclear data",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 32214,
	"plain_text": "South Korea claims North hacked nuclear data\r\nBy Sean Gallagher\r\nPublished: 2015-03-17 · Archived: 2026-04-05 19:13:44 UTC\r\nLast week, partial blueprints of nuclear power plants, including the hot water systems of the reactors at the Kori\r\nnuclear power plant in Gori, South Korea, were leaked via a Twitter account named “Who am I = No Nuclear\r\nPower.” The profile for the account claimed the author was “president of anti-nuclear reactor group from Hawaii.”\r\nThis was the sixth posting of information since December 15 of last year. Other data released so far included what\r\namounts to a random collection of technical data, including a manual for running Monte Carlo simulations and\r\ndocuments on reactor design.\r\nIn a recent Twitter post, South Korea’s Yonhap news agency reports the attacker “‘congratulated’ the KHNP for\r\nfinding 7,000 viruses but claimed 9,000 more were awaiting his or her order.” The attackers also claim to have\r\ndata about South Korea’s indigenous nuclear power reactor program and are threatening to sell it.\r\n“Need money. Only need to meet some demands… Many countries from Northern Europe, Southeast Asia and\r\nSouth America are saying they will buy nuclear reactor information. Fear selling the entire information will\r\nundermine President Park (Geun-hye)’s efforts to export nuclear reactors,” the posting said.\r\nIn addition to identifying the malware used in the attack, the South Korean government’s investigation traced\r\nInternet traffic related to the attack back to addresses for a network in northeast China near the North Korean\r\nborder. The government had earlier requested assistance from the Chinese government in identifying the source of\r\nthe attack.\r\nSource: https://arstechnica.com/information-technology/2015/03/south-korea-claims-north-hacked-nuclear-data/\r\nhttps://arstechnica.com/information-technology/2015/03/south-korea-claims-north-hacked-nuclear-data/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://arstechnica.com/information-technology/2015/03/south-korea-claims-north-hacked-nuclear-data/"
	],
	"report_names": [
		"south-korea-claims-north-hacked-nuclear-data"
	],
	"threat_actors": [
		{
			"id": "34eea331-d052-4096-ae03-a22f1d090bd4",
			"created_at": "2025-08-07T02:03:25.073494Z",
			"updated_at": "2026-04-10T02:00:03.709243Z",
			"deleted_at": null,
			"main_name": "NICKEL ACADEMY",
			"aliases": [
				"ATK3 ",
				"Black Artemis ",
				"COVELLITE ",
				"CTG-2460 ",
				"Citrine Sleet ",
				"Diamond Sleet ",
				"Guardians of Peace",
				"HIDDEN COBRA ",
				"High Anonymous",
				"Labyrinth Chollima ",
				"Lazarus Group ",
				"NNPT Group",
				"New Romanic Cyber Army Team",
				"Temp.Hermit ",
				"UNC577 ",
				"Who Am I?",
				"Whois Team",
				"ZINC "
			],
			"source_name": "Secureworks:NICKEL ACADEMY",
			"tools": [
				"Destover",
				"KorHigh",
				"Volgmer"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434435,
	"ts_updated_at": 1775826696,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/37fed375c8864b3ea41281d67a6d780a5f1dc19b.pdf",
		"text": "https://archive.orkl.eu/37fed375c8864b3ea41281d67a6d780a5f1dc19b.txt",
		"img": "https://archive.orkl.eu/37fed375c8864b3ea41281d67a6d780a5f1dc19b.jpg"
	}
}