Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

South Korea Rows Back on China Link to Cyber Attack

SEOUL – South Korea said Friday that an IP address identified as a source of a major cyber attack this week was not based in China as originally believed.

SEOUL – South Korea said Friday that an IP address identified as a source of a major cyber attack this week was not based in China as originally believed.

On Thursday, the regulatory Korea Communications Commission said it had traced the attack on South Korean banks and broadcasters to a Chinese IP address, firming suspicions that North Korea may have been responsible.

But further analysis by investigators from the Korea Internet and Security Agency (KISA) showed that it came from a computer in one of the targeted banks, and “coincidentally matched” a public address in China.

“We’re still tracking some dubious IP addresses which are suspected of being based abroad,” KISA vice president Lee Jae-Il told reporters.

“Keeping all kinds of possibilities open, we’re making efforts to track down the hackers,” he added.

The China connection announced on Thursday had fuelled speculation that North Korean hackers were involved.

Previous online attacks blamed on North Korea — including one last year on the computer network of the conservative JoongAng newspaper in Seoul — were tracked back to Chinese sources.

Security analysts in South Korea believe the North sends hackers to China to hone their skills and operate from there.

Wednesday’s attack completely shut down the networks of TV broadcasters KBS, MBC and YTN, and halted financial services and crippled operations at three banks — Shinhan, NongHyup and Jeju.

The attack employed malware that can wipe the contents of a computer’s hard disk as well as drives connected to the infected computer.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Nation-State

FBI says a North Korea-linked threat group known as Lazarus and APT38 is behind the $100 million Horizon bridge cryptocurrency heist.

Cyberwarfare

Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Cyberwarfare

The UK’s NCSC has issued a security advisory to warn about spearphishing campaigns conducted by two unrelated Russian and Iranian hacker groups.

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.