South Korea says a cyber attack that shut down thousands of computers at several major broadcasters and banks came from an IP address in China.
However, officials said the identity of those behind the attack cannot be confirmed and that they would continue to investigate.
Initially, South Korean defence ministry officials stated that, while it was not yet known whether North Korea was involved, the possibility had not been ruled out.
Tensions between the two sides have been high since UN sanctions were tightened against North Korea following its latest nuclear test.
Information security professionals have cautioned against anyone taking action in retaliation for cyber attacks based on IP addresses, noting that attribution on the internet is extremely difficult.
“Government agencies and organised crime have the resources to operate hacking activities in many different countries,” said Marcus Ranum, chief security officer at Tenable Network Security.
Any organisation with a worldwide presence that is compromised can be used to launch attacks from a given country, he said.
“Organisations need to be vigilant to search for indicators of compromise on their networks, but they should not make any type of strategy decision based on where the immediate attacks are coming from based on 'geo IP' lookups,” said Ranum.
However, linking the attacks to an IP address in China has not quashed speculation that North Korea is responsible because intelligence experts believe North Korea routinely uses Chinese IP addresses to hide its cyber attacks, according to the BBC.
South Korea has responded to the attack by setting up a task force to analyse the malware used and stop further attacks. Free malware protection software is also being handed out to South Korean companies.
The attack on South Korea comes just over a week after North Korea accused South Korea and its US ally of "intensive and persistent" hacking attacks on its internet servers.
Security experts have said the choice of targets reflects a trend in which global financial markets and critical infrastructure systems are increasingly likely to be the chief candidates for attack.
“If these systems are taken down, attackers have the power to cripple a nation,” said Jarno Limnell, director of cyber security at security firm Stonesoft and former advisor to the military and government in Finland.
Cyber attacks on critical national infrastructure are a top concern in the US, where president Barack Obama has signed a cyber security executive order requiring federal agencies to share cyber threat information with private companies.