South Korea accuses North Korea of launching cyber attacks

South Korea blames North Korea for the cyber attacks that shut down thousands of computers at broadcasters and banks two weeks ago

South Korea has accused North Korea of launching the cyber attacks that shut down thousands of computers at several major broadcasters and banks in South Korea just over two weeks ago.

Attribution of cyber attacks is notoriously difficult, but South Korean investigators say some of the malware discovered on targeted computers had been used in previous attacks linked to North Korea.

Initially, South Korean defence ministry officials stopped short of accusing the North, but said investigations were underway and the possibility had not been ruled out.

Now investigators say their initial findings suggest North Korea's military-run Reconnaissance General Bureau had been responsible for the cyber attacks, according to the BBC.

The investigators said 30 out of 76 pieces of malware recovered from targeted computers were the same as those used in previous strikes.

Nearly half of the internet protocol (IP) addresses linked to the attacks also matched those used in attacks blamed on the North in the past five years, investigators said.

The Korea Internet Security Agency said six computers in the North accessed computer servers in the South using more than a thousand overseas IP addresses, which were used to set up the attack.

Although the attacks were initially linked to joint military exercises in the region by South Korea and its US ally, investigators revealed that malware used in the attacks had been planted in some targeted organisations up to eight months previously.

"After maintaining monitoring activities, they sent out the command to delete data stored in the server and distributed malware to individual computers through the central server,” said the South Korean government.

The latest round of cyber attacks on South Korea led to local criticism of the country’s cyber defences.

South Korean commentators said national security cannot be assured through an outdated system and called for improvements.

The Korea Internet Security Agency plans to issue a final report into the latest cyber attacks at a later date, but the latest allegations against the North come amid increasing tension on the Korean peninsula and fears of nuclear attacks.

Security experts have said the choice of targets is telling of the trend that the chief candidates for attack are increasingly likely to be global financial markets and critical infrastructure systems.

“If these systems are taken down, attackers have the power to cripple a nation,” said Jarno Limnell, director of cyber security at security firm Stonesoft and former advisor to the military and government in Finland.

Cyber attacks on critical national infrastructure is a top concern in the US, where president Barack Obama has signed a cyber security executive order requiring federal agencies to share cyber threat information with private companies.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Privacy and data protection

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

DPRK (North Korea) is just looking for trouble. Just on the broadcasting spectrum, many viewers from around the globe watch South Korean content. You mess up the bro casting systems, your fooling with some of the worlds best hackers. Just saying, on that aspect. I wouldn't want to mess with the communication system that is internationally shared. Basically, same goes for banks and such, there are ties globally and sorry DPRK, but you might not have the nastiest cyber attack. Realize.

Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close