A Summary of the Internal Information Leak at Korea Hydro & Nuclear Power

2014-12-23 piyokango A summary of internal information leaks at South Korean Hydro and Nuclear Power Plants

http://d.hatena.ne.jp/Kango/20141223/1419269574


Piyolog's KHNP roundup tracks the 2014 leak and destructive-malware incident at Korea Hydro and Nuclear Power, a Korea Electric Power subsidiary. The timeline says thousands of malware-laden emails were sent to KHNP on December 9, malware was scheduled to run on December 10, internal documents began leaking through Naver Blog and Twitter on December 15-16, and prosecutors later gave an interim assessment that North Korea was involved. The source lists HWP droppers, suspected use of retired employees' private email addresses, source IPs concentrated around Shenyang, and destructive DLL malware detected as Destfallen or Destroyer. The malware functions included a time bomb, MBR overwriting, file wiping for document and archive extensions, and gateway DoS packets containing the phrase "Who am I?"

Indicators of Compromise

