South Korea has accused North Korea of launching the cyber attacks that shut down thousands of computers at several major broadcasters and banks in South Korea just over two weeks ago.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Attribution of cyber attacks is notoriously difficult, but South Korean investigators say some of the malware discovered on targeted computers had been used in previous attacks linked to North Korea.
Initially, South Korean defence ministry officials stopped short of accusing the North, but said investigations were underway and the possibility had not been ruled out.
Now investigators say their initial findings suggest North Korea's military-run Reconnaissance General Bureau had been responsible for the cyber attacks, according to the BBC.
The investigators said 30 out of 76 pieces of malware recovered from targeted computers were the same as those used in previous strikes.
Nearly half of the internet protocol (IP) addresses linked to the attacks also matched those used in attacks blamed on the North in the past five years, investigators said.
Read more about critical infrastructure
- Is UK critical national infrastructure properly protected?
- Government monitors companies supporting critical national infrastructure
- Critical infrastructure security: Electric industry shows the path
- C Management and critical infrastructure protection
- NetWars CyberCity missions to improve critical infrastructure protection
The Korea Internet Security Agency said six computers in the North accessed computer servers in the South using more than a thousand overseas IP addresses, which were used to set up the attack.
Although the attacks were initially linked to joint military exercises in the region by South Korea and its US ally, investigators revealed that malware used in the attacks had been planted in some targeted organisations up to eight months previously.
"After maintaining monitoring activities, they sent out the command to delete data stored in the server and distributed malware to individual computers through the central server,” said the South Korean government.
The latest round of cyber attacks on South Korea led to local criticism of the country’s cyber defences.
South Korean commentators said national security cannot be assured through an outdated system and called for improvements.
The Korea Internet Security Agency plans to issue a final report into the latest cyber attacks at a later date, but the latest allegations against the North come amid increasing tension on the Korean peninsula and fears of nuclear attacks.
Security experts have said the choice of targets is telling of the trend that the chief candidates for attack are increasingly likely to be global financial markets and critical infrastructure systems.
“If these systems are taken down, attackers have the power to cripple a nation,” said Jarno Limnell, director of cyber security at security firm Stonesoft and former advisor to the military and government in Finland.
Cyber attacks on critical national infrastructure is a top concern in the US, where president Barack Obama has signed a cyber security executive order requiring federal agencies to share cyber threat information with private companies.