
Cyber Incident Victim: Blue House

Date: Oct 2015

Location: South Korea

Summary

North Korean hackers breached servers at the South Korean executive office, compromising legislative members' computers and exfiltrating data. The intrusion occurred shortly after U.S. and South Korean leaders pledged enhanced cybersecurity cooperation against threats from North Korea, which has been previously implicated in high-profile attacks including a major entertainment studio hack and a subway system compromise.


Description

In October 2015, South Korea’s National Intelligence Service (NIS) disclosed that North Korean hackers had breached servers belonging to the Blue House (Cheong Wa Dae), the executive office of the South Korean president. The intrusion occurred earlier that month, with attackers compromising systems and exfiltrating data from computers used by members of the National Assembly. This breach targeted critical government infrastructure directly linked to South Korea’s executive branch and legislative operations. The incident was publicly reported on October 21, less than a week after a joint press conference between U.S. President Barack Obama and South Korean President Park Geun-hye, during which both leaders emphasized enhanced bilateral coordination to counter cyber threats, particularly those originating from North Korea’s state-sponsored hacking units. The timing underscored the persistent cybersecurity challenges facing the U.S.-South Korea alliance. No specific details regarding the volume or sensitivity of stolen data were disclosed, nor did authorities reveal technical specifics about the attack vectors or malware employed in the breach.


This incident occurred against a backdrop of escalating cyber operations attributed to North Korea. In 2014, the FBI had formally attributed the destructive hack against Sony Pictures Entertainment to the North Korean government, citing retaliation for the film *The Interview*. Separately, South Korea’s NIS had also linked North Korea to a 2014 cyberattack on Seoul Metro, which disrupted operations of the capital’s subway system. The Blue House breach further demonstrated North Korea’s focus on high-value political targets in South Korea, aligning with a pattern of aggressive cyber campaigns aimed at intelligence gathering, disruption, and geopolitical signaling. The attack prompted renewed scrutiny of defensive measures within South Korean government networks but did not trigger immediate public announcements of retaliatory actions or policy changes. The incident reinforced existing concerns within the international cybersecurity community regarding North Korea’s evolving capabilities and willingness to target critical governmental institutions.
