Cyber Incident Victim: Daewoo Shipbuilding & Marine Engineering Co Ltd
Date: Jun 2021
Location: South Korea
Summary
North Korean hackers are suspected of breaching a major South Korean submarine builder, resulting in the theft of sensitive military files including plans for a nuclear-powered submarine under development with the nation's navy. This marked the second such intrusion targeting the company, following a prior compromise years earlier that exfiltrated classified submarine designs and defense materials. While authorities confirmed the security breach, they refrained from attributing it to North Korea pending investigation. The incident reflects persistent cyber-espionage campaigns against naval technology developers, with submarine programs frequently targeted by state-aligned groups seeking advanced military capabilities.
Description
In June 2021, South Korean media reported that Daewoo Shipbuilding & Marine Engineering (DSME), the country’s sole submarine manufacturer, suffered a data breach attributed to North Korean hackers. The intrusion occurred in 2020 and resulted in the theft of sensitive files, including plans for a nuclear-powered submarine under joint development with the South Korean Navy. Government sources confirmed the breach but refrained from publicly attributing it to North Korea, with the Defense Acquisition Program Administration (DAPA) acknowledging the incident while stating its investigation remained ongoing. This marked the second major breach of DSME’s submarine-related data by suspected North Korean operatives, following a previous compromise between July 2014 and March 2016. During the earlier campaign, hackers infiltrated two South Korean telecom providers and leveraged this access to compromise 160 organizations, including DSME. That breach, considered one of South Korea’s most severe cyber incidents, resulted in the theft of classified military documents such as war plans, F-15 fighter jet engine designs, and submarine blueprints.

The 2021 DSME breach occurred amid persistent cyber-espionage targeting global submarine technology developers. Historical patterns indicate Chinese and Russian state-sponsored groups frequently pursued similar objectives, including attacks on an Indian submarine builder in 2012, a U.S. Navy contractor in 2018, and a Russian submarine designer earlier in 2021. In 2015, during Australia’s next-generation submarine bidding process, officials disclosed that all three competing firms faced intrusion attempts by Chinese and Russian hackers seeking design specifications. The DSME breach disclosure coincided with revelations that North Korean hackers had separately compromised Korea Atomic Energy Research Institute (KAERI), though authorities found no operational link between the two incidents. No public details emerged regarding technical detection methods, containment measures, or specific post-incident remediation steps taken by DSME or South Korean authorities following the 2020 breach.
