North is suspect No. 1 for hacksThe government pointed to North Korea yesterday as the most likely suspect behind recent cyberattacks against government, media and the Saenuri Party Web sites.
The hacks happened between June 25 and July 1 and resulted in damages to 69 organizations, including the presidential office.
June 25, when the first wave of cyberattacks began, marked the 63rd anniversary of the outbreak of the 1950-53 Korean War.
The Ministry of Science, ICT and Future Planning said the methods used for the latest cyberattacks on a wide range of public and private organizations closely resembled past hacks committed by Pyongyang, including those that were launched on March 20.
The ministry added that the results of the investigation provided firm evidence that Pyongyang had orchestrated the latest hacks.
“After a thorough analysis of 82 malignant codes recovered from hacked sites, as well as Internet addresses used for the attack and past hacking tactics employed by the North, we have determined the attackers systemically prepared the attacks,” said the ministry in yesterday’s statement.
It also added that they had targeted other South Korean Web sites prior to the main attack in preparation.
The ministry said the IP addresses used in attacking the Web sites of government agencies on June 25 were identical to the ones the North had used previously.
The ministry also said the hackers destroyed the hard drive used in the cyberattack, but the cyber forensics team was able to restore the data.
The distributed denial of service (DDoS) attacks against government sites were a variation of the March 20 cyberattacks, which paralyzed the sites of major South Korean broadcasters and banks, according to the Future Ministry.
The Blue House Web page was defaced with a range of messages hailing North Korean leader Kim Jong-un.
The main banner and photograph of President Park Geun-hye was replaced with a message in large red text stating in Korean, “Hurrah! Kim Jong-un, the president for a unified Korea,” and an image of a blue, undivided Korea.
A message reading, “The attacks will continue. Wait for us,” was also displayed under the name Anonymous, an international hacking group.
The ministry believes it was an attempt to “cause confusion in identifying the suspect of the attack.”
BY KANG JIN-KYU, KWON SO-YEON [email@example.com]