South Korea says cyber attack came from IP address in China


Warwick Ashford

South Korea says a cyber attack that shut down thousands of computers at several major broadcasters and banks came from an IP address in China.

However, officials said the identity of those behind the attack cannot be confirmed and that they would continue to investigate.

Initially, South Korean defence ministry officials stated that, while it was not yet known whether North Korea was involved, the possibility had not been ruled out.

Tensions between the two sides have been high since UN sanctions were tightened against North Korea following its latest nuclear test.

Information security professionals have cautioned against anyone taking action in retaliation to cyber attacks based on IP addresses and noted that attribution on the internet is extremely difficult.

“Government agencies and organised crime have the resources to operate hacking activities in many different countries,” said Marcus Ranum, chief security officer at Tenable Network Security.

Any organisation with a worldwide presence that is compromised can be used to launch attacks from a given country, he said.

“Organisations need to be vigilant to search for indicators of compromise on their networks, but they should not make any type of strategy decision based on where the immediate attacks are coming from based on 'geo IP' lookups,” said Ranum.

However, linking the attacks to an IP address in China has not quashed speculation that North Korea is responsible because intelligence experts believe North Korea routinely uses Chinese IP addresses to hide its cyber attacks, according to the BBC.

South Korea has responded to the attack by setting up a task force to analyse the malware used and stop further attacks. Free malware protection software is also being handed out to South Korean companies.

The attack on South Korea comes just over a week after North Korea accused South Korea and its US ally of "intensive and persistent" hacking attacks on its internet servers.

Security experts have said that the choice of targets is telling of the trend that the chief candidates for attack are increasingly likely to be global financial markets and critical infrastructure systems.

“If these systems are taken down, attackers have the power to cripple a nation,” said Jarno Limnell, director of cyber security at security firm Stonesoft and former advisor to the military and government in Finland.

Cyber attacks on critical national infrastructure are a top concern in the US, where president Barack Obama has signed a cyber security executive order requiring federal agencies to share cyber threat information with private companies.

