North Korea Still Chief Suspect In Cyber Attacks On South

Despite evidence that the recent cyber attacks on South Korea were neither sophisticated nor particularly coordinated, and with no proof of nation state involvement, North Korea remains the number one suspect.


Officials in South Korea claim to have traced attacks to an IP address in China, which some have taken as additional evidence of the North’s involvement. Previous attacks alleged to have been carried out by the North were routed through China.

The Korea Communications Commission (KCC) said it was still working on finding the original source of the malware, which crashed systems at a handful of South Korean companies, including TV networks and banks.

Cyber attacks from Whois?

“At this stage, we’re still making our best efforts to trace the origin of attacks, keeping all kinds of possibilities open,” said Park Jae-Moon, the KCC director of network policy, in a statement to media.

Yet claims the attacks were likely state sponsored have been called into question by sceptical security professionals. A host of notable researchers pointed to the defacements left by the hackers.

The messages indicated they were English-speaking hacktivists, calling themselves the ‘Whois Team’. Below is a typical example:

Attempts to email the contacts listed on the defacements all returned delivery failures.

Sophos noted the unsophisticated aspect of the attacks, given the Trojan’s main function was to wipe machines’ Master Boot Record (MBR) – something that numerous other pieces of malware have done in the past. Major AV companies appear to be blocking the threat too.

Symantec suggested the cyber attacks “may be part of either a clandestine attack or the work of nationalistic hacktivists taking issues into their own hands”.

Trend Micro said it was aware of other attacks on South Korean firms, including banks. “The website of a major electronics conglomerate was defaced. In addition, the websites of several banks may have been compromised and exploits used to plant backdoors on the systems of visitors,” Trend said, in a blog post.

“At this point, there is no evidence that these attacks were coordinated or connected in any manner; the timing may have been purely coincidental or opportunistic.”


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
