A hacking attack that paralysed the computer systems of South Korean broadcasters and banks on Wednesday originated from a Chinese internet address, fuelling suspicion that North Korea may be behind the shutdowns of 32,000 computers.
The Korea Communications Commission, which oversees telecoms and broadcasting, said on Thursday that a management server of Nonghyup Bank, one of the three affected institutions, was accessed by a Chinese IP address that generated malignant files. It added that the attacks into six infected institutions all came from a single entity and it was trying to track down the perpetrators.
“There can be many inferences based on the fact that the IP address is based in China,” Park Jae-moon, the KCC’s head of network policy, told a briefing. “We’ve left open all possibilities and are trying to identify the hackers.”
Experts believe many North Korean hackers operate from China, launching cyber attacks on South Korean organisations. Suspicion of North Korean involvement also grew because the attacks came days after North Korea accused its near neighbour and the US of cyber attacks that temporarily shut down some websites in Pyongyang.
“We are looking into all possibilities with a strong suspicion that North Korea was behind the cyber attack,” said a high-ranking official at the presidential office in Seoul.
The cyber attacks paralysed financial transactions at Shinhan Bank on Wednesday and disrupted operations at the other five infected institutions, although broadcasts were not affected.
Banking operations were normalised on Thursday but the KCC said it would take at least four or five days to restore all the infected computers. It has conducted checks on computer networks of major government institutions and distributed antivirus vaccines to prevent further damage.
The hacking incident came amid heightened tensions on the peninsula, as joint military exercises between South Korean and US troops continued, prompting angry threats from Pyongyang, and as the US announced it would ramp up its Pacific missile defences.
North Korea stepped up its rhetoric on Thursday, saying it would attack US military bases in Japan and the Pacific island of Guam if provoked. And it also held an air raid drill after blaming the US for preparing a military strike using bombers that have flown over the Korean peninsula.
The latest in a series of hostile threats from North Korea follows new UN sanctions on Pyongyang after its recent rocket launch and nuclear device test.
North Korea has also hit out at the continuing military exercises, involving 13,500 US and South Korean troops. The US defence department announced on Tuesday that it was sending a B-52 bomber aircraft over South Korea as a warning to Pyongyang.
North Korea has previously been accused of hacking attacks including one last year on the Joongang Ilbo, a conservative national newspaper in South Korea.
The Korea Communications Commission, which oversees telecoms and broadcasting, said on Thursday that a management server of Nonghyup Bank, one of the three affected institutions, was accessed by a Chinese IP address that generated malignant files. It added that the attacks into six infected institutions all came from a single entity and it was trying to track down the perpetrators.
“There can be many inferences based on the fact that the IP address is based in China,” Park Jae-moon, the KCC’s head of network policy, told a briefing. “We’ve left open all possibilities and are trying to identify the hackers.”
Experts believe many North Korean hackers operate from China, launching cyber attacks on South Korean organisations. Suspicion of North Korean involvement also grew because the attacks came days after North Korea accused its near neighbour and the US of cyber attacks that temporarily shut down some websites in Pyongyang.
“We are looking into all possibilities with a strong suspicion that North Korea was behind the cyber attack,” said a high-ranking official at the presidential office in Seoul.
The cyber attacks paralysed financial transactions at Shinhan Bank on Wednesday and disrupted operations at the other five infected institutions, although broadcasts were not affected.
Banking operations were normalised on Thursday but the KCC said it would take at least four or five days to restore all the infected computers. It has conducted checks on computer networks of major government institutions and distributed antivirus vaccines to prevent further damage.
The hacking incident came amid heightened tensions on the peninsula, as joint military exercises between South Korean and US troops continued, prompting angry threats from Pyongyang, and as the US announced it would ramp up its Pacific missile defences.
North Korea stepped up its rhetoric on Thursday, saying it would attack US military bases in Japan and the Pacific island of Guam if provoked. And it also held an air raid drill after blaming the US for preparing a military strike using bombers that have flown over the Korean peninsula.
The latest in a series of hostile threats from North Korea follows new UN sanctions on Pyongyang after its recent rocket launch and nuclear device test.
North Korea has also hit out at the continuing military exercises, involving 13,500 US and South Korean troops. The US defence department announced on Tuesday that it was sending a B-52 bomber aircraft over South Korea as a warning to Pyongyang.
North Korea has previously been accused of hacking attacks including one last year on the Joongang Ilbo, a conservative national newspaper in South Korea.