Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

South Korea Rows Back on China Link to Cyber Attack

SEOUL – South Korea said Friday that an IP address identified as a source of a major cyber attack this week was not based in China as originally believed.

SEOUL – South Korea said Friday that an IP address identified as a source of a major cyber attack this week was not based in China as originally believed.

On Thursday, the regulatory Korea Communications Commission said it had traced the attack on South Korean banks and broadcasters to a Chinese IP address, firming suspicions that North Korea may have been responsible.

But further analysis by investigators from the Korea Internet and Security Agency (KISA) showed that it came from a computer in one of the targeted banks, and “coincidentally matched” a public address in China.

“We’re still tracking some dubious IP addresses which are suspected of being based abroad,” KISA vice president Lee Jae-Il told reporters.

“Keeping all kinds of possibilities open, we’re making efforts to track down the hackers,” he added.

The China connection announced on Thursday had fuelled speculation that North Korean hackers were involved.

Previous online attacks blamed on North Korea — including one last year on the computer network of the conservative JoongAng newspaper in Seoul — were tracked back to Chinese sources.

Security analysts in South Korea believe the North sends hackers to China to hone their skills and operate from there.

Advertisement. Scroll to continue reading.

Wednesday’s attack completely shut down the networks of TV broadcasters KBS, MBC and YTN, and halted financial services and crippled operations at three banks — Shinhan, NongHyup and Jeju.

The attack employed malware that can wipe the contents of a computer’s hard disk as well as drives connected to the infected computer.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

The State of Vermont has appointed John Toney as the state’s new CISO.

More People On The Move

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...