SEOUL – South Korea on Tuesday blamed North Korea for a crippling cyber attack last month against government and media websites, including the president’s office.
The accusation came a day before the two Koreas are to hold fresh talks on reopening their joint industrial zone, amid fading hopes of an early agreement following months of friction.
The South’s science ministry said hackers in the attack waged from June 25 to July 1 used at least one IP address that had been utilized in earlier attacks blamed on the North.
Related: Cyber War is a Reality World Must Fight
“North Korea is believed to be behind the attack,” senior ministry official Park Jae-Moon told reporters. The South also blamed the North for major cyber-intrusions in 2009 and 2011 that targeted the South’s financial institutions and government agencies.
And Seoul accused Pyongyang’s military intelligence agency of launching a major cyber attack in March, which shut down the networks of three TV broadcasters and crippled operations at three banks.
The malware used in last month’s attack was found to be a variation of that used in the March 20 cyber attack, Park said.
Almost all websites and servers of 69 government offices and private organizations targeted in the June attack were now operating normally, he said.
“The cyber attack seriously undermined the country’s image by altering the websites of symbolic government organisations, such as the presidential office,” the science ministry said in a statement.
It said the attackers might have stolen some personal information through the website of the presidential office.
The June onslaught began on the anniversary of the outbreak of the Korean War in 1950, after hacking group Anonymous claimed to have attacked pro-North Korean websites.
It was well prepared and more carefully planned than previous attacks, the ministry said, adding the North had then tried to throw the South off the scent by assuming the identity of Anonymous.
North Korea is believed to have a cyber warfare unit staffed by around 3,000 people, analysts say. In response, the South set up a special cyber command unit in 2010.
The cyber attacks have prompted the South to double its Internet security budget and to train 5,000 experts, amid growing concern over its vulnerability.
McAfee said in a report last week that the March onslaught was part of a broad campaign of cyber espionage which dates back at least to 2009.
It said it had found a pattern of sophisticated attacks, including efforts to wipe away traces that could lead to detection.
The March attack followed heightened military tensions sparked by Pyongyang’s nuclear test in February.
Tension has subsidised in recent weeks. The two Koreas have agreed in principle to reopen their jointly-run industrial estate at Kaesong, which shut down in April as relations soured.
A series of meetings have been held at the estate, which opened in 2004 10 kilometres (six miles) north of the heavily-fortified border as a rare symbol of cooperation.
But little progress has been made amid squabbles over which side should take responsibility for the suspension and Pyongyang’s refusal to accept Seoul’s demand for firm safeguards against another unilateral shutdown.
The zone had long remained resilient to turbulence in ties but eventually became the most high-profile victim of the latest flare-up.
The North, citing perceived hostility by the South and Seoul’s joint army exercises with the US, withdrew all its 53,000 workers in April from the 123 South Korean-owned factories.
Related: South Korea Cyber Attack Tied to DarkSeoul Crew: Symantec
Related: ‘PinkStats’ Malware Used in Attacks Against South Korea, Others
Related: South Korea Sounds Alert After Official Websites Hacked