North Korea Still Chief Suspect In Cyber Attacks On South

Despite evidence that the recent cyber attacks on South Korea were neither sophisticated nor particularly coordinated, and with no proof of nation state involvement, North Korea remains the number one suspect.

Officials in South Korea claim to have traced attacks to an IP address in China, which some have taken as additional evidence of the North’s involvement. Previous attacks alleged to have been carried out by the North were routed through China.

The Korea Communications Commission (KCC) said it was still working on finding the original source of the malware, which crashed systems at a handful of South Korean companies, including TV networks and banks.

Cyber attacks from Whois?

“At this stage, we’re still making our best efforts to trace the origin of attacks, keeping all kinds of possibilities open,” said Park Jae-Moon, the KCC director of network policy, in a statement to media.

Yet claims the attacks were likely state sponsored have been called into question by sceptical security professionals. A host of notable researchers pointed to the defacements left by the hackers.

The messages indicated they were English-speaking hacktivists, calling themselves the ‘Whois Team’. Below is a typical example:

Attempts to email the contacts listed on the defacements all returned delivery failures.

Sophos noted the unsophisticated aspect of the attacks, given the Trojan’s main function was to wipe machines’ Master Boot Record (MBR) – something that numerous other pieces of malware have done in the past. Major AV companies appear to be blocking the threat too.

Symantec suggested the cyber attacks “may be part of either a clandestine attack or the work of nationalistic hacktivists taking issues into their own hands”.

Trend Micro said it was aware of other attacks on South Korean firms, including banks. “The website of a major electronics conglomerate was defaced. In addition, the websites of several banks may have been compromised and exploits used to plant backdoors on the systems of visitors,” Trend said, in a blog post.

“At this point, there is no evidence that these attacks were coordinated or connected in any manner; the timing may have been purely coincidental or opportunistic.”


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
