In 2010, the United States launched a covert malware campaign aimed at sabotaging North Korea's nuclear program, according to a new report from Reuters' Joseph Menn, citing multiple sources familiar with the campaign. The campaign was ultimately unable to breach North Korean systems, but the malware would have been activated when it detected Korean-language settings on an appropriately structured industrial system.
The program came on the heels of the Stuxnet campaign against Iran, which met with much greater success. Traveling over USB, Stuxnet was able to infect air-gapped control systems in Iranian nuclear facilities, triggering an overload that destroyed as many as a thousand nuclear centrifuges. The Stuxnet malware has been an object of fascination for security professionals ever since, as the global spread of the malware has made samples easy to find. Some have speculated that a similar tactic could have been used against North Korea's nuclear program, but this is the first hard evidence that such a campaign actually took place.
The North Korean nuclear program is thought to be based on technology similar to Iran's, but appears to have been protected by the isolated nature of the North Korean web. Both computers and internet access are strictly controlled in North Korea, making it significantly more difficult for malware to break in from the outside. Nonetheless, the virus seems to have made it through to at least some North Korean computers. Reuters cites a Kaspersky Lab analyst who says he turned up a North Korean variant of Stuxnet in the country in March or April of 2010.