The presidential office said on Thursday that the possibility of a cyberattack causing a shutdown of nuclear reactors and posing a greater danger is low, amid growing public fear of cyberthreats involving North Korea.

The announcement was made a few hours after the National Security Council at Cheong Wa Dae held an emergency meeting on cyberterrorism, in a gesture that the office was taking the recent threats seriously.

“As the control tower for cybersecurity, the office is taking preemptive action to control the situation, by taking the matter very seriously,” the NSC said in a statement a day before it held the meeting. The council said it had held a meeting on cyberterror last week, amid mounting fears of hacking attacks by North Korea after its alleged attacks on Sony Pictures. 

The government came under fire after hackers released several batches of confidential data on South Korean nuclear reactors, starting last week. Hackers calling themselves members of an antinuclear power activist group posted personal information on some 10,000 employees of Korea Hydro & Nuclear Power and continued to release more information on Twitter, including four files of reactor-related information and safety analyses.

The reactor operator said the information leaked by hackers was not classified, but general material.

But public fears of an attack grew after evidence suggested that the suspects could be North Korean hackers.

The prosecution said Wednesday that a suspect in the hacking attacks on the reactors used multiple IP addresses based in Shenyang, China.

The announcement instantly raised the possibility of North Korean involvement as the Chinese city is known to be an overseas base for hackers trained by Pyongyang. Justice Minister Hwang Kyo-an on Wednesday told lawmakers that the government was looking into allegations that the attack was committed by North Korea.

Hundreds of emails embedded with malicious codes were sent to employees of the country’s nuclear reactor operator from accounts registered under the names of retired officials of the state-run firm, investigators said on Thursday.

“On (Dec.) 9, emails embedded with malware were sent to hundreds of staff at KHNP. Most of the emails were sent from accounts (registered) with the names of retired officials of the operator,” said a member of the joint investigative team looking into the hacking attacks.

Investigators said they were questioning retired officials, but that they suspect that most of the email IDs were stolen by hackers.

When a computer becomes infected with the malicious code, the attacker can view all activities performed on the PC and even turn it into a “zombie computer” to manipulate it from remote places.

Officials said that the senders of the emails could be the same hackers who posted documents about KHNP’s staff members and threatened to wreak havoc on the reactor facilities. The methods they used to avoid having their IP addresses traced were quite similar, officials added.

The officials were put on 24-hour alert Thursday as hackers said they would “destroy reactors” unless the government shut down three nuclear reactors at Gori and Wolseong nuclear power plants by Christmas. Hackers also told residents near the facilities to leave.

The Ministry of Energy said later in the day that it had found no signs of hacking attacks on the nuclear plants system.

“So far, there’s no sign of an attack. It’s too early to let out a sigh of relief, but you can make yourself at ease as we are trained for emergency situations,” Minister Yoon said in a meeting with residents.

Officials said they had been conducting safety exercises after the hackers’ attack on nuclear power plants. In the event of a malfunction, the plants can be shut down physically, they added.

Amid growing public fears, the government tightened security measures and deployed the marine corps around reactor sites. All emails sent from outside and access to the Internet are currently being blocked by security experts, according to reports.

By Cho Chung-un (christory@heraldcorp.com)