Email

China IP address link to South Korea cyber-attack

Around 32,000 computers at six organisations were affected by Wednesday's attack

A cyber-attack on South Korean banks and broadcasters came from an internet address in China, South Korean officials say, but the identity of those behind it cannot be confirmed.

Around 32,000 computers at six organisations were affected by Wednesday’s attack

The telecoms regulator said hackers used a Chinese address to plant a malicious code that hit networks at six organisations on Wednesday.

Officials said they were continuing to investigate the origins of the attack.

North Korea has been blamed for previous attacks in 2009 and 2011.

“Unidentified hackers used a Chinese IP address to contact servers of the six affected organisations and plant the malware which attacked their computers,” said Park Jae-moon of South Korea’s communications regulator.

“At this stage, we’re still making our best efforts to trace the origin of attacks, keeping all kinds of possibilities open,” he said.

Computer vaccines

Officials stressed that the IP address did not reveal who was behind the attack, as hackers can route their attacks through addresses in other countries to obscure their identities.

But the discovery has strengthened speculation that North Korea was behind the attack, the BBC’s Lucy Williamson reports from Seoul.

Intelligence experts believe that North Korea routinely uses Chinese computer addresses to hide its cyber-attacks.

A taskforce is being formed to analyse the virus and stop further attacks, and free computer vaccines have been handed out to South Korean companies, our correspondent adds.

Korea’s Communications Commission (KCC) said that the attacks on all six organisations appeared to come from a single entity.

The networks had been attacked by malicious codes, rather than distributed denial-of-service (DDoS) attacks as initially suspected.

‘Persistent hacking’

Following Wednesday’s attack, the KCC raised its cyber-attack alert levels to “caution,” the third highest out of five levels, news agency Yonhap reported.

Around 32,000 computers were affected by the incident, and some services at Shinhan bank, including internet banking and ATM machines, were disrupted.

However, so far no damage had been detected in public institutions and infrastructure, the KCC was quoted as saying by Yonhap.

The incident comes with tensions between the two Koreas high.

North Korea has stepped up rhetoric in recent days in response to fresh UN sanctions over its nuclear test in February and joint annual military drills between the US and South Korea, which it bitterly opposes.

On 15 March, North Korea’s KCNA news agency also accused the US and its allies of “intensive and persistent” hacking attacks on its internet servers.

Related posts

Elon Musk’s new job will bring tech ‘disruption’ to the US government – and history says it won’t be pretty

International Criminal Court issues arrest warrants for Netanyahu and Hamas officials

Common challenges with hydraulic fluid power systems