x Abu Dhabi, UAESaturday 29 July 2017

South Korea tracks cyber attack to China, North still a suspect

South Korea says it has sourced a damaging cyber attack on its broadcasters and banks to an IP address in China, fuelling suspicions that North Korea may have been responsible.

SEOUL // South Korea said yesterday it had sourced a damaging cyber attack on its broadcasters and banks to an IP address in China, fuelling suspicions that North Korea may have been responsible.

Previous online attacks blamed on North Korea - including one last year on the computer network of the conservative JoongAng newspaper in Seoul - have also been tracked back to Chinese sources.

Internet security analysts in South Korea believe official North Korean hackers learnt many of their skills in China and operate from there.

The regulatory Korea Communications Commission, or KCC, said Wednesday's attack had used the Chinese IP address to access the targeted computer networks and generate malware that crashed their systems.

"The Chinese IP may trigger various assumptions," said Park Jae-moon, the KCC director of network policy.

"At this stage, we're still making our best efforts to trace the origin of attacks, keeping all kinds of possibilities open," Mr Park said.

The attack on Wednesday completely shut down the networks of TV broadcasters KBS, MBC and YTN, and halted financial services and crippled operations at three banks - Shinhan, NongHyup and Jeju.

Their networks were mostly back up and running yesterday, although a large number of individual computers were not operational.

"For geopolitical reasons, it's convenient for North Korea to use Chinese IP addresses for such attacks," said Choi Yun-seong, a security expert at the state-run Korea Information Technology Research Institute, or Kitri.

"However, domestic and foreign hackers can use them as well, so we cannot say for sure North Korea was behind this," Mr Choi said.

China, North Korea's main patron, which has angrily denied being behind a spate of cyber attacks on US interests, also stressed the IP address location was meaningless.

"We have pointed out many times that hacking attacks are a global problem," the foreign ministry spokesman Hong Lei said.

"It is anonymous and transnational. By using other countries' IP addresses, hackers attack some countries' networks and this is a common practice," he said.

Wednesday's attack came days after North Korea accused South Korea and the US of being behind a "persistent and intensive" hacking assault that took a number of its official websites offline for nearly two days.

It also coincided with heightened military tensions on the Korean peninsula, following Pyongyang's nuclear test last month.