Operation North Korea

Operation North Korea

Part of a series on Anonymous. [View Related Entries]

Updated Jun 26, 2013 at 12:50AM EDT by Brad.

Added Apr 04, 2013 at 06:09PM EDT by Brad.

Like us on Facebook!

PROTIP: Press 'i' to view the image gallery, 'v' to view the video gallery, or 'r' to view a random entry.

This submission is currently being researched & evaluated!

You can help confirm this entry by contributing facts, media, and other evidence of notability and mutation.


In early March 2013, Republic of Korea and the United States began their annual joint field training exercises known as Key Resolve and Foal Eagle. Throughout the month, the tension between the two Koreas quickly escalated as both sides continued to deploy heavy military forces along the maritime border and hackers from both Koreas allegedly targeted each others’ Internet infrastructures and servers with malware and DDoS attacks. On March 29th, North Korea’s state-run news agency issued a statement that its leader Kim Jong Un approved military plans for striking American and South Korean targets.

Anonymous Korea

On March 30th, 2013, a contingent of Anonymous-affiliated hackers calling themselves AnonymousKorea[1] claimed via Twitter that it had launched a DDoS attack against North Korea’s official websites and brought down at least five of them, including the North Korean airline Air Koryo and numerous other state news and propaganda websites.

Notable Developments

@Anonymous_Korea’s #OpNorthKorea tweets were instantly picked up by several Anonymous-affiliated news outlets[4] on Twitter, including @Data_Overflow, @AnonOpsKorea, @root, @iSPAINonymous @Generati0n_anon, @TheAnonOne and @AnonymousNull. That same day on March 30th, North Korea Tech[3] and Business Insider[2] reported on #OpNorthKorea, both suggesting that the latest DDoS attack may have been tied to the hostile threat of war that had been issued by North Korea a few hours before.

On April 2nd, Pastebin user DBLUE uploaded a brief communique[7] explaining the background of the attack and a list of demands urging Kim Jong Un to resign as the leader and implement reforms towards democracy. The Pastebin document also included some details of two Chinese nationals and three Korean nationals, which it claimed to be part of 15,000 user records that the hackers obtained from the Chinese-hosted North Korean news site Uriminzokkiri.

We demand:

- N.K. government to stop making nukes and nuke-threats
- Kim Jong-un to resign
- it’s time to install a free direct democracy in North Korea
- uncensored internet access for all the citizens!

To Kim Jong-un:

So you feel the need to create large nukes and threaten half the world with them?
So you’re into demonstrations of power?, here is ours:

- We are inside your local intranets (Kwangmyong and others)
- We are inside your mailservers
- We are inside your webservers

However, the group’s claim that it had sucessfully breached North Korea’s local intranets remain unsubstantiated and no official statements have been issued from the North. In the following days, the alleged Pastebin leak was covered by Cyber War News[5], North Korea Tech[6] and The Daily Dot[8], reporting that more attacks have been supposedly scheduled to take place on April 19th and June 25th.

Social Media Accounts Hacked

At about 1:45 a.m. (ET) on April 4th, the North Korean central news agency Uriminzokkri’s Twitter and Flickr accounts were infiltrated by Anonymous hackers. The hack was confirmed after @Uriminzokiri tweeted a series of links to other North Korean websites that were also hacked, including Ournation-School.com, aindf.com and Ryomyong.com. On the Flickr page, its usual photo collection of military generals and pro-war rallies was replaced with Guy Fawkes masks and a poster crudely depicting the leader Kim Jong Un as a pig.

Uriminzokkri’s Flickr page has been since deactivated, however, Anonymous continues to retain its control of the Twitter account. On April 8th, Anonymous warned of more attacks in the near future:

N.I.S. Investigation

On April 6th, South Korean news publications[10] reported that the National Intelligence Service has begun investigating the leaked account information of 15,000 Uriminzokkiri registered users hackers for potential breaches of national security laws that may have been committed by South Korean netizens.

Interview with Anonsj

On April 8th, South Korea’s Yonhap News agency[12] published an exclusive interview with AnonSJ, a South Korean hacker who is believed to be one of the core members behind the operation. In the interview, AnonSJ revealed some of his game plans for another cyberattack that is scheduled to take place on June 25th, namely of designing a “ninja gateway” that can serve as a bridge between North Korea’s isolated network and the rest of the Internet. When asked whether the group planned to target any higher-level network infrastructures within the regime, AnonSJ responded that “it will be attempted if there is a way.”

Kyangmyung Hack Claim

On June 17th, AnonSJ released a YouTube video[13] claiming that the hacktivist group has obtained up to 5,000 secret military documents from North Korea’s intranet Kyangmyung, which allegedly containing details about the locations of North Korean missile program and personal information about high-ranking officials within the ruling party[16], and plans to release the documents on June 25th.

Furthermore, the group announced that it will simultaneously launch a sweeping attack against 40 key North Korean government websites on the same day. The list of proposed targets was released via Pastebin,[17] which includes numerous state-run press organizations such as Korean Central News Agency (KCNA), Rodong Daily, Voice of Korea and Uriminzokkiri among many others.

Previously we said we would penetrate the intranet and private networks of north korea. And we were successful. We are not a threat to the world peace like your government. We do not forcing ourselves like your government. We will no longer abide by your ways of ruling, we work toward world peace and for the Republic of Korea. Thus, we have a Memorandum of June 25 to indicating our strength. Oh good people of North Korea, it is time to wake up. Soon you will experience a new culture and your worthless leadership will be recognised by everyone. Come and join us!

Korean War Anniversary Attacks

On June 25th, 2013, coinciding with the 63rd anniversary of the beginning of the Korean War, Anonymous carried out a series of cyber attacks against the websites of the Korean Central News Agency, the state-owned airline service Air Koryo, the daily newspaper Rodong Sinmun and propagandist organization Uriminzokkiri among others, rendering many of them inaccessible for several hours. In addition to triggering server outage on multiple websites, the group also leaked an excerpt from a photo-scanned document allegedly showing the names and personal information of key members on the pro-North website Uriminzokkiri, while adding that the rest of the list will be published via WikiLeaks in the near future.

At the same time, at least 16 websites belong to the South Korean government, news media and financial companies were vandalized or brought offline through DDoS attacks by unknown hackers. According to Younhap News, the attacks began at around 9:30 a.m. (local time), when a message that read “the Great Leader Kim Jong-un” was scrawled on the website of South Korean president Park Geun Hye, followed by the appearance of another message “Hooray to Kim Jong-un, the president of unification We will continue our attacks until our demands are met” at 10 a.m (local time). Other high-profile targets in the attack included websites representing the South Korean Office of the Prime Minister and the Office of Government Policy Coordination (shown below).

That same day, South Korean intelligence officials issued a statement saying that they’re investigating the source of the cyberattacks in both the North and the South. Meanwhile, Anonymous member @Anonsj released a statement denying any involvement in the attacks against the South Korean websites via Twitter, while others on Twitter claiming to be associated with the group made similar statements asserting that they were “framed” for the attacks.

Search Interest

External References

Recent Videos 1 total

Recent Images 15 total

Top Comments

+ Add a Comment

Comments 67 total


+ Add a Comment

Add a Comment

Howdy! You must login or signup first!