South Korea Hit by Massive Cyber Attacks

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

South Korea's Yonhap News reports that malware has caused "massive computer network failures" at TV stations KBS, MBC and YTN; banks Shinhan, Nonghyup and Jeju; and two insurance firms. Woori Bank was also attacked "but managed to defend its computer networks through an internal system." No government networks appear to have been affected.

According to Yonhap News, the Korea Communications Commission (KCC) has stated that "hacking of unknown origin" has been blamed for the network failures.

"We do not rule out the possibility of North Korea being involved, but it's premature to say so," Defense Ministry spokesman Kim Min-Seok told AFP. "It will take time to figure out."

Christopher Boyd, senior threat researcher at ThreatTrack Security, says it's important not to jump to conclusions on that point. "While it's tempting to attribute these attacks to the North, given the current state of play in the region, many attacks are not so easy to pin down. ... Recent reports that North Korea itself claims to have been knocked offline by hackers does nothing to clarify the issue, and in this 'tit-for-tat' environment we should be wary of attributing any blame until the full facts emerge," Boyd says.

Sophos says the malware responsible for the attacks was Mal/EncPk-ACE. "What's curious is that the malware is not particularly sophisticated," writes Sophos' Graham Cluley. "Sophos products have been able to detect the malware for nearly a year, and the various commands embedded in the malicious code have not been obfuscated. For this reason, it's hard to jump to the immediate conclusion that this was necessarily evidence of a 'cyberwarfare' attack coming from North Korea."