Cyber Incident Victim: Daewoo Shipbuilding & Marine Engineering Co Ltd
Date: Oct 2017
Location: South Korea
Summary
A South Korean defense ministry division discovered that Daewoo Shipbuilding & Marine Engineering was hacked, with attackers assessed to be responsible for stealing sensitive documents including blueprints for warships such as Aegis-class vessels and submarines. North Korean hackers were identified as the likely perpetrators based on similarities to their known cyberattack methods, though the exact classification level of the compromised data remained undisclosed. The company acknowledged the incident and was verifying details at the time of reporting.
Description
In April 2016, Daewoo Shipbuilding & Marine Engineering Co Ltd experienced a cyber intrusion into its database, resulting in the theft of sensitive documents, including blueprints for South Korean warships. The breach was discovered by a cybercrime investigation division under South Korea’s Ministry of Defence. South Korean opposition lawmaker Kyung Dae-soo publicly attributed the attack to North Korean hackers on October 31, 2017, stating investigators were "almost 100 percent certain" of their involvement based on hacking methods consistent with previous North Korean operations. The stolen data included blueprints for military vessels constructed by Daewoo, such as Aegis-class destroyers and submarines. The investigative team did not disclose the classification level or precise sensitivity of the compromised documents. Daewoo Shipbuilding’s spokeswoman acknowledged she was unaware of the incident until the lawmaker’s disclosure and stated the company was verifying the details at the time of reporting. The intrusion represented one of multiple alleged North Korean cyber operations during this period, with investigators drawing parallels to other attacks attributed to the regime.

The breach raised concerns about potential military security vulnerabilities, given Daewoo’s role in constructing advanced naval assets for South Korea. The incident occurred amid a broader pattern of North Korean cyber activities, including a separate theft of classified South Korea-U.S. wartime operational plans disclosed by another lawmaker earlier in October 2017. Kyung’s announcement also referenced North Korea’s suspected involvement in a contemporaneous cyber heist targeting Taiwan’s SWIFT banking network and the global WannaCry ransomware attack in May 2017, which British authorities had linked to Pyongyang. No specific technical details about the attack vector, malware, or Daewoo’s internal detection mechanisms were disclosed in the available reporting. The South Korean investigative unit’s findings relied on comparative analysis of attack methodologies rather than public evidence. Daewoo Shipbuilding did not release additional statements confirming the scope of data loss or remediation steps taken following the initial breach discovery.
