It has been confirmed that China was the source of the hacking attack that paralyzed major South Korean broadcasters and financial institutions on the 21st. Previous North Korean cyber terror attacks also came through Chinese servers, making it likely that Pyongyang was behind yesterday’s attack.
A joint response team involving the Korea Communications Commission, National Police Agency and Korea Internet Security Agency (KISA) revealed in a briefing held this morning, “The result of analysis of the Nonghyup [one of the disrupted banks] system is that a Chinese IP address was connected to the management server of a piece of antivirus software and created the malicious code file.”
The analysis also appears to show that the attacks were coordinated from the same origin, although the details are still being investigated. So far, damage to a total of 32,000 PCs and servers across six broadcasters and financial institutions has been identified.
However, emergency checks at major state agencies including the Ministry of Land, Transport and Maritime Affairs, Ministry of Knowledge Economy, Ministry of Public Administration and Security and the National Intelligence Service have revealed nothing unusual.
A Korea Communications Commission official stated, “By analyzing the malicious code and recovering the affected PCs, we are focusing on investigating the nature of the hack, in terms of establishing the entry pathway and methods used.”
To try and limit the potential for damage from similar attacks, the South Korean government has developed a vaccine in cooperation with vaccine makers including AhnLab and Hauri Inc. The vaccine is available free of charge through a KISA webpage: www.boho.or.kr.
