TOKYO — North Korean hackers stole a huge trove of classified U.S. and South Korean military documents last year, including a plan to “decapitate” the leadership in Pyongyang in the event of war, a lawmaker in Seoul said Tuesday.
The revelations, if substantiated, come at a time of heightened tensions over North Korea, with President Trump most recently saying that “only one thing will work” when it comes to Pyongyang, hinting at military action.
The defense minister in Japan, a close military ally of the United States, said Tuesday that Trump might take such action against North Korea as soon as next month.
“I think President Trump will judge in the middle of November how effective pressure and other efforts have been,” Itsunori Onodera told reporters in Tokyo. “If there have been no changes from North Korea, it’s possible that the U.S. will take severe measures.”
In Seoul, Rhee Cheol-hee, a lawmaker in the ruling Democratic Party and a member of the parliamentary national defense committee, said that North Korean hackers broke into the Defense Integrated Data Center in September last year to steal secret files, including American and South Korean “operational plans” for wartime action. The data center is the main headquarters of South Korea’s defense network.
According to Rhee, the stolen documents included OPLAN 5015, the plan drafted two years ago for dealing with full-blown war with North Korea and said to include procedures to “decapitate” the North Korean leadership. He said the cache also included OPLAN 3100, outlining the military response to infiltration by North Korean commandos or another local provocation, as well as a contingency plan in case of a sudden change in North Korea.
While the two Koreas have technically been on a war footing since their civil war ended in an armistice in 1953, anything that suggests the death or ouster of North Korea’s leader, or his assassination, is tantamount to heresy in the North, where the ruling Kims are treated like gods.
Responding to reports about the plans for decapitation strikes, the North’s Korean People’s Army said in March that it would “deal deadly blows without prior warning” to “the U.S. and South Korean puppet forces.”
“They should think twice about the catastrophic consequences to be entailed by their outrageous military actions,” the army’s general staff said, according to a state news report.
Rhee made his claims about the alleged cyberattack to South Korean reporters, citing documents obtained from the Defense Ministry under a freedom of information request. Rhee’s aides told The Washington Post on Tuesday that the lawmaker had collected information from several sources with knowledge of the cyberattacks, and they confirmed that local media had correctly reported Rhee’s remarks.
Yonhap News Agency, citing Rhee, reported that the hackers had taken 235 gigabytes of military documents and that almost 80 percent of the documents stolen had not yet been identified.
The leaked documents also included reports on key South Korean and U.S. military personnel, the minutes of meetings about South Korean-U.S. military drills, and data on military installations and power plants in South Korea, reported the Chosun Ilbo, South Korea’s largest newspaper.
“I can’t reveal further details because they are a military secret,” Rhee said, according to the paper.
The U.S. and South Korean militaries have a mutual defense pact under which the American military would assume operational control of the alliance if a war breaks out. The two militaries conduct large-scale drills twice a year, rehearsing the responses to various scenarios on the Korean Peninsula.
As Kim has accelerated his nuclear weapons program and aimed increasingly bellicose threats at the allies, those plans have been updated to include “beheading operations” — strikes designed to take out North Korea’s leaders.
South Korea’s Defense Ministry declined to confirm or comment on the reports of a cyberattack.
South Korean lawmakers have a spotty record when it comes to revealing information about what is happening inside North Korea, with many claims later turning out to be wrong. But in this case, the claims relate to something that has happened inside South Korea, and there have been hints about such a cyberattack in recent months.
In May, the Defense Ministry disclosed that the South Korean military’s intranet had been hacked by people “presumed to be North Koreans.” But the military said that only 53 gigabytes of information had been stolen, and it did not reveal what it included.
The previous month, reports emerged that North Korean hackers had broken into the Defense Ministry network and infected more than 3,000 computers, including the defense minister’s, with malware.
At the time, South Korean newspapers, quoting unnamed government officials, reported that parts of one operational plan, OPLAN 5027, which outlines troop deployment plans and key North Korean targets, had been stolen.
This is hardly the first time that North Korean leader Kim Jong Un’s regime has been accused of outrageous cyberattacks. The country’s spy agency, the Reconnaissance General Bureau, is thought to have trained and assembled a large cyber army, assumed to be based in China, to launch these kinds of hacks.
North Korea is alleged to have been behind numerous attacks on South Korea’s financial networks and government systems and was blamed for the hacking of Sony Pictures Entertainment in 2014, apparently as retaliation for the movie “The Interview,” which culminates with Kim being blown up.
Most recently, North Korea was accused of being behind a cyberattack last year on Bangladesh’s central bank that netted $81 million and of masterminding the WannaCry ransomware that rocketed around the world earlier this year.
Pyongyang has repeatedly denied any responsibility for or knowledge of the attacks.
Yoonjung Seo in Seoul contributed to this report.