Last week, Korea Hydro and Nuclear Power, which runs South Korea's 23 nuclear plants, suffered a security breach in which personnel records, public health monitoring data, and reactor designs were obtained from the company's systems and posted online. The attacker, which linked to the materials on an anti-nuclear activist site, also threatened to release further information unless three of the company's plants were shut down by tomorrow.
Now, Korean investigators have identified a Chinese IP address as the source of the attacks and are asking the Chinese government for assistance in the investigation.
According to a report in The Korea Times, the attacks were routed through three different VPN service providers in the US, Japan, and Korea. By obtaining these records, the initial IP address that launched the attack were traced to the city of Shenyang, which is on the China-North Korea border. An article from Australia's ABC indicates that this city hosts one end of North Korea's main Internet connection to the outside world, which was severed earlier this week.