Cyberattack source still in question

Workers at the Korea Internet Security Center in eastern Seoul yesterday check the origin of the massive cyberattacks against major banks and TV stations in Korea on Wednesday. [NEWSIS]

Previous reports that Wednesday’s cyberattacks on six major TV networks and banks were from a Chinese Internet Protocol (IP) address have been contradicted by evidence uncovered by the Korea Communications Commission. The top telecom watchdog said yesterday the IP address used for hacking the Nonghyup bank system turned out to be a virtual IP address for the bank’s internal system.

A day earlier, the joint investigation team consisting of the KCC, the National Police Agency and the Korea Internet Security Agency said the attack came from China via China Telecom, connecting to the patch management system that distributes antivirus software and planting malicious code in that system to destroy the boot areas of linked computers.

The identification of China as the country of origin led to the assumption that North Korean hackers were behind the crime. The Blue House also said on Thursday it had a “strong suspicion North Koreans spread the malicious code.”

Nonghyup was pinpointed among the six victims because joint investigators found hints of the origin of the attack on some of its computers. TV networks KBS, MBC and YTN and Nonghyup, Shinhan and Jeju banks were attacked.

“We were confused because the Nonghyup IP address was similar to the one used in China,” said Lee Jae-il, head of the Internet incidents prevention division at the KISA, yesterday. “That the IP address was based in Nonghyup’s antivirus software update management server does not necessarily mean the hackers were its own employees or South Koreans.”

Under international Internet usage protocol, each country is assigned its own unique IP addresses, which are distinguishable from the virtual IP addresses that organizations use on their intranet systems. However, some addresses may overlap, according to KISA.

Meanwhile, investigators also found out that antivirus software from two major developers - AhnLab and Hauri - played a crucial role in actually spreading the malicious code. Antivirus-program users are supposed to update their software on a regular basis. The update request, however, is done by the central patch management system.

By Seo Ji-eun [spring@joongang.co.kr]