In 2016, Daewoo Shipbuilding & Marine Engineering (DSME) in South Korea fell victim to a sophisticated cyber espionage attack orchestrated by North Korean hackers. The primary objective was to steal classified military intelligence, specifically targeting South Korea’s submarine programs and sensitive data related to Aegis Class destroyers, a critical asset for naval defense. The breach resulted in the exfiltration of approximately 40,000 documents, including 60 classified military files, compromising national security and defense capabilities. The attack had severe strategic implications, as the stolen data could undermine South Korea’s military advantage and alliance with the U.S. Navy, particularly concerning the Aegis Combat System deployed on vessels like the destroyer Yulgok Yi I. The incident also highlighted vulnerabilities in DSME’s cybersecurity infrastructure, as the company suffered two additional hacks following this breach. The stolen information posed risks beyond corporate espionage, potentially enabling adversaries to exploit weaknesses in naval technology, disrupt defense operations, or even influence geopolitical tensions in the region. The breach’s scale and the nature of the compromised data directly tied to military and national security elevated it to a critical threat level.
TPRM report: https://www.rankiteo.com/company/doec
"id": "doe950092225",
"linkid": "doec",
"type": "Cyber Attack",
"date": "6/2016",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"{'affected_entities': [{'industry': ['shipbuilding',
'defense',
'marine engineering'],
'location': 'South Korea',
'name': 'Daewoo Shipbuilding & Marine Engineering '
'(DSME)',
'type': 'corporation'}],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['documents',
'engineering files',
'military specifications'],
'number_of_records_exposed': 40000,
'sensitivity_of_data': 'high (classified military '
'intelligence)',
'type_of_data_compromised': ['military documents',
'classified files',
'submarine program data',
'Aegis Class destroyer '
'specifications']},
'date_detected': '2016',
'description': 'In 2016, Daewoo Shipbuilding & Marine Engineering was '
'targeted by a hacking attack attributed to North Korean '
'threat actors. The attackers sought espionage-related '
'information on South Korea’s submarine programs and breached '
'sensitive data on Aegis Class destroyers. Approximately '
'40,000 documents, including 60 classified military files, '
'were exfiltrated. The incident affected ships such as the '
"destroyer Yulgok Yi I, which carries the U.S. Navy's Aegis "
'Combat System. Daewoo experienced two additional hacking '
'incidents following this attack.',
'impact': {'brand_reputation_impact': 'high (military and national security '
'implications)',
'data_compromised': {'classified_military_files': 60,
'details': ['submarine program data',
'Aegis Class destroyer '
'specifications'],
'documents': 40000},
'systems_affected': ['internal networks', 'document repositories']},
'initial_access_broker': {'high_value_targets': ['submarine programs',
'Aegis Class destroyer '
'data']},
'motivation': ['espionage', 'military intelligence gathering'],
'ransomware': {'data_exfiltration': True},
'threat_actor': 'North Korean state-sponsored hackers',
'title': 'Daewoo Shipbuilding & Marine Engineering Cyber Espionage Attack '
'(2016)',
'type': ['cyber espionage', 'data breach']}