North Korean hackers stole a vast cache of data, including classified wartime contingency plans jointly drawn by the United States and South Korea, when they breached the computer network of the South Korean military last year, a South Korean lawmaker said Tuesday.
One of the plans included the South Korean military’s plan to remove the North Korean leader, Kim Jong-un, referred to as a “decapitation” plan, should war break out on the Korean Peninsula, the lawmaker, Rhee Cheol-hee, told reporters.
Mr. Rhee, a member of the governing Democratic Party who serves on the defense committee of the National Assembly, said he only recently learned of the scale of the North Korean hacking attack, which was first discovered in September last year.
It was not known whether any of the military’s top secrets were leaked, although Mr. Rhee said that nearly 300 lower-classification confidential documents were stolen. The military has not yet identified nearly 80 percent of the 235 gigabytes of leaked data, he said.
A Defense Ministry spokesman, Moon Sang-gyun, refused to comment on Mr. Rhee’s disclosure.
A spokesman for the Pentagon, Col. Robert Manning, would not discuss if the hack had occurred, repeating, when pressed, that he would not “discuss the specifics” of the incident.
North Korea and South Korea have long had each other’s computer networks in their sights. The United States, piggybacking on South Korean operations, broke into the North’s computer systems in 2010, targeting the Reconnaissance General Bureau, the North’s equivalent of the C.I.A.
South Korean intelligence officials told lawmakers in June that Mr. Kim was desperate to get hold of South Korea’s decapitation plan. He had also begun using his deputies’ cars as decoys to move from place to place, they said.
When the hack was discovered last year, the ministry blamed North Korea. But it has acknowledged only that “some classified information” was stolen, saying that revealing more details would only benefit its enemies.
Some South Korean news media, citing anonymous sources, had earlier reported that the leaked data included wartime contingency plans. But Mr. Rhee is the first member of the parliamentary committee that oversees the military to disclose similar details.
It remained unclear how much the hacking has undermined the joint preparedness of the South Korean and United States militaries, with South Korean officials simply saying that they have been redressing whatever damage was caused by the cyberattack.
The military plans for dealing with North Korea have been rewritten in recent months by Secretary of Defense Jim Mattis, in response to the North’s accelerated threats.
The plan containing the so-called decapitation operation, Operations Plan 5015, had been updated in 2015 to reflect the growing nuclear and missile threat from North Korea. Its details remain classified.
Under their mutual defense treaty, the United States takes operational control of South Korean troops in the event of war on the divided Korean Peninsula. The two allies hone their war plans through annual joint military exercises.
As Mr. Kim, the North Korean leader, has accelerated his nuclear missile program in recent years, South Korean defense officials have publicly discussed pre-emptive strikes at critical missile and nuclear sites in North Korea and an operation to eliminate the North’s top leaders.
After North Korea’s sixth — and by far most powerful — nuclear test last month, the South Korean defense minister, Song Young-moo, told lawmakers in Seoul that a special forces unit with a task of removing Mr. Kim would be established by the end of the year.
Last month, United States strategic bombers and fighter jets also flew deep to the north along the east coast of North Korea in what some South Korean defense analysts said was an exercise to target the North Korean leadership in the event of conflict.
North Korea bristles at any threat to Mr. Kim, and a war of words has escalated between North Korea and the Trump administration. North Korea claimed a right to shoot down American warplanes flying in international airspace if they came near the country. When President Trump threatened to “totally destroy” North Korea last month, Mr. Kim vowed to “tame the mentally deranged U.S. dotard with fire.”
North Korea runs an army of hackers trained to disrupt enemy computer networks and steal cash and sensitive data. In the past decade, it has been blamed for numerous cyber-heists and other hacking attacks in South Korea and elsewhere.
In the attack in September last year, later code-named “Desert Wolf” by anti-hacking security officials, North Korean hackers infected 3,200 computers, including 700 connected to the South Korean military’s internal network, which is normally cut off from the internet. The attack even affected a computer used by the defense minister.
Investigators later learned that the hackers first infiltrated the network of a company providing a computer vaccine service to the ministry’s computer network in 2015. They said the hackers operated out of IP addresses originating in Shenyang, a city in northeast China that had long been cited as an operating ground for North Korean hackers.
The intruders used the vaccine server to infect internet-connected computers of the military with malicious codes in August last year, the investigators said. They could also infiltrate the malware into intranet computers when the military’s closed internal network was mistakenly linked to the internet during maintenance.
The break-in by the United States into North Korea’s own government networks in 2010 was documented in classified materials released by Edward J. Snowden, a former National Security Agency contractor. The New York Times reported in 2015 that the penetration figured in quickly identifying the North Korean origins of the hack of Sony Pictures Entertainment.