The North Korean national flag flutters at half mast at the North Korea embassy in Singapore on December 20, 2011.  North Korean leader Kim Jong-Il has died aged 69 of a heart attack, state media announced, plunging the nuclear-armed and deeply isolated nation into a second dynastic succession.       AFP PHOTO / SIMIN WANG (Photo credit should read SIMIN WANG/AFP/Getty Images)
Official: N. Korean hackers stole US war plans
01:58 - Source: CNN

Story highlights

Rhee Cheol-hee said the documents stolen included the South Korea-US wartime operational plan

About 235 gigabytes worth of military data was stolen by the hackers, Rhee said

Washington CNN  — 

North Korean hackers allegedly stole classified military documents from a South Korean Defense Ministry database in September 2016, according to Rhee Cheol-hee, a member of South Korea’s National Assembly.

Rhee, who belongs to the ruling Democratic Party and sits on the Defense Committee, told CNN on Tuesday that he received information about the alleged hacking from the Defense Ministry.

He said the documents stolen included the South Korea-US wartime operational plan and a document that includes procedures to “decapitate” the North Korean leadership.

About 235 gigabytes worth of military data was stolen by the hackers, Rhee said.

When asked about Rhee’s comments by reporters at a daily press briefing on Tuesday, a spokesman from South Korea’s Defense Ministry declined to comment, saying the information is classified.

The Pentagon also declined to comment specifically on reports of the potential breach, but spokesman Col. Robert Manning said on Tuesday that the US is “confident in the security of our operations plans and our ability to deal with any threat from North Korea.”

“The operations plan that they are referring to is a bilateral plan, so the Republic of Korea-US alliance remains steadfast in their commitment to make sure they safeguard that information and ensure readiness on the Korean peninsula to counter any North Korean threats,” Manning said.

“I’m not going to address the specifics of that discussion but what I will tell you is that it is a ROK-US alliance commitment to make sure that they safeguard operations and plans,” he added.

This photo taken on May 6, 2016 and released on May 7 by North Korea's official Korean Central News Agency (KCNA) shows North Korean leader Kim Jong-Un making an opening speech during the 7th Workers Party Congress at the 'April 25 Palace' in Pyongyang.   / AFP PHOTO / KCNA VIA KNS / STR / REPUBLIC OF KOREA OUT - - - --- RESTRICTED TO EDITORIAL USE - MANDATORY CREDIT "AFP PHOTO / KCNA VIA KNS" - NO MARKETING NO ADVERTISING CAMPAIGNS - DISTRIBUTED AS A SERVICE TO CLIENTSSTR/AFP/Getty Images
North Korea's Workers' Party: A dominant force
00:58 - Source: CNN

‘Treasure trove’

Depending on the level of detail in the stolen plans, the hack could pose serious challenges for the US-South Korean alliance.

“If the North Koreans in fact accessed the US/South Korean defense plans, this is a treasure trove of information and presents a real danger,” said CNN military analyst and retired Lt. Col. Rick Francona.

“If I had access to the enemy’s plans, not only would I know what forces were going to be arrayed against me, I would now where they will be, what weapons they will have, where the command and control nodes will be established – all critical warfighting information.”

Details of the alleged 2016 hack emerged as President Donald Trump continues to imply that diplomatic efforts to rein in North Korea’s nuclear and missile programs through negotiations have proven to be ineffective.

“Our country has been unsuccessfully dealing with North Korea for 25 years, giving billions of dollars & getting nothing. Policy didn’t work,” Trump tweeted on Monday.

In a pair of tweets sent Saturday afternoon, Trump said past agreements with North Korea have all been violated.

“Presidents and their administrations have been talking to North Korea for 25 years, agreements made and massive amounts of money paid … hasn’t worked, agreements violated before the ink was dry, makings fools of U.S. negotiators,” Trump wrote. “Sorry, but only one thing will work!”

Asked by reporters later Saturday about the tweet, Trump would only say: “You’ll figure that out pretty soon.”

‘Range of options’

The White House said Tuesday that Trump and his national security team were briefed and discussed “a range of options to respond to any form of North Korean aggression or, if necessary, to prevent North Korea from threatening the United States and its allies with nuclear weapons.”

On Monday, Secretary of Defense James Mattis reiterated that diplomacy along with international economic sanctions against Pyongyang would remain the leading element of US strategy towards North Korea.

“It is right now a diplomatically led economic sanction buttressed effort to try and turn North Korea off this path,” Mattis said Monday during his opening remarks at the Association of the United States Army’s annual meeting in Washington.

But Mattis added that the military would continue to prepare options should diplomacy fail.

“We’ve got to be ready to ensure that there are military options that our President can employ if needed,” he said.

“Now what does the future hold? Neither you nor I could say,” Mattis said.

US Army Chief of Staff Gen. Mark Milley made clear Monday what a bind the US is in when it comes to solving the challenge of North Korea’s nuclear and missile programs, stating there are “no risk-free options” but said there is also not an “indefinite amount of time” to solve the crisis.

“A full-blown war on the Korean Peninsula will be horrific by any stretch of the imagination. No one has any doubts about that,” Milley told reporters.

north korea earthquake nuclear test rivers_00001701.jpg
Nuclear test leaves Chinese city shaken
02:42 - Source: CNN

North Korean-linked hackers

The US and South Korea have been aware of North Korea’s bold hacking operations for several years, linking Pyongyang to a series of sophisticated cyberattacks.

In 2013, when South Korea’s banks and broadcasters were attacked, that government blamed its neighbor to the north. In 2014, the US government blamed North Korea for the the hack on Sony Pictures.

And in April, North Korea was linked to attacks on banks in 18 countries after researchers connected hackers to an operation known as “Lazarus,” according to a report from Russian cybersecurity firm Kaspersky.

The stolen money was likely used to help advance North Korea’s development of nuclear weapons, Anthony Ruggiero, a senior fellow for Foundation for Defense of Democracies, told CNN at the time.

To hide their location, hackers typically launch cyberattacks from computer servers far from home. According to Kaspersky, the Lazarus hackers carefully routed their signal through France, South Korea and Taiwan to set up that attack server. But there was apparently one mistake spotted by Kaspersky: A connection that briefly came from North Korea.

Kaspersky is one of the world’s top cybersecurity firms, providing popular anti-malware protection to computers at homes and companies worldwide. Its researchers are known for exposing some of the most complex global hacking operations. US law enforcement remains suspicious of the firm’s ties to the Russian government, but Kaspersky strongly denies Kremlin influence on the company’s business.

CNN’s Taehoon Lee, Yazhou Sun, Ryan Browne, Lauren Suk and Jim Acosta contributed to this report.