North Korean Hackers May Have Seen Secret US-South Korea War Plans

North Korean hackers may have glimpsed OPLAN 5027.

North Korean Hackers May Have Seen Secret US-South Korea War Plans
Credit: Flickr/ (stephan)

South Korean government sources told the Chosun Ilbo on Tuesday that North Korea may have gained access to part of the secret war plans developed by the United States and South Korea to use against the North in the event of a resumption of hostilities on the Korean peninsula. OPLAN 5027, which likely assumes a first conventional strike by North Korea, was accessed by North Korean hackers, according to South Korean Ministry of Defense sources who spoke to Chosun Ilbo.

The report notes that “hackers accessed reports containing portions of the plan, not the entire document.” According to an anonymous official, the United States and South Korea are reportedly discussing whether their existing plans under OPLAN 5027 have to be changed or overhauled based on the data breach. The South Koreans reportedly discovered that the plan had been stolen while investigating an unrelated cyber attack last fall. The attack reportedly targeted a vaccine server at the South Korean military’s cyber command. Hackers based in Shenyang, China, once again breached South Korean Defense Ministry systems in December, with the malware used in that attack resembling parts of what North Korean hackers have used in the past.

The severity of the breach to the U.S.-South Korea alliance is not known, partly because OPLAN 5027 is secret, but also because North Korea is thought to have only accessed part of the plan. In any case, the United States and South Korea regularly update their operational and conceptual war plans. In 2015, they reportedly developed a new plan called OPLAN 5015 that is a successor of sorts to 5027 (without deprecating the older plan entirely). OPLAN 5015 reportedly envisages more aggressive maneuvering by the United States and South Korea against North Korea.

Both scenarios are responsive to a North Korean first attack, but OPLAN 5015 is thought to incorporate conventional strikes on North Korean nuclear delivery systems to prevent the escalation of a conflict beyond the nuclear threshold. (North Korea, however, may be looking to use nuclear weapons in its opening attacks, according to some analysts.)

The bigger takeaway from the breach may not be that North Korea has seen part of the U.S.-South Korea alliance’s war plans. Pyongyang closely observes the annual Key Resolve and Foal Eagle exercises and loudly protests them. It already has a good idea of what assets the alliance possesses and how a war may progress in its early stages at least. Instead, the more significant takeaway should be that North Korea will continue to asymmetrically try and chip away at South Korea and the United States through similar hacks, leaving them less certain of their preparedness for any eventual North Korean provocations.

Enjoying this article? Click here to subscribe for full access. Just $5 a month.

This low-risk, low-cost, but potentially high-reward strategy suits Pyongyang, which is cash-strapped, but looking to eke out any edge over South Korea and the United States. Expect to see continuous attempts to breach South Korean government systems from the North.