S Korea says Chinese IP behind cyber attack

State telecom regulator says China internet address was source of cyber attack on four TV networks and major bank.

South Korea says an initial investigation shows a Chinese internet address was the source of a cyber attack on one of the companies shut down by computer crashes.

South Korea’s telecom regulator said on Thursday that a Chinese address created the malicious code in the server of one of the banks, Nonghyup, that crashed on Wednesday.

Experts say hackers often launch attacks via computers in other countries in an attempt to keep their identities from being exposed. Such addresses can easily be manipulated and disguised.

Regulators have distributed vaccine software to government offices, banks, hospitals and other institutions to prevent more outages.

The source of the attack is not yet clear. But suspicion has quickly fallen on North Korea. Pyongyang has threatened Seoul with attack in recent days.

Media hit

South Korea’s army raised its alert level after the cyber attack was suspected, said Al Jazeera’s Harry Fawcett, reporting from Seoul. 

The hacking paralysed computer networks of three major television stations and two banks on Wednesday, prompting the South Korean police to launch a major investigation.

Our correspondent said that South Korea appeared to have fallen victim to a highly planned attack. Before the investigation began, Fawcett said: “Whatever its source, it will raise keen questions about South Korea’s cyber security.”

A spokesman at LG Uplus said the company believed its network was attacked.

North suspected

Initial speculation centred on a potential hacking attack by North Korea, which has hacked South Korean institutions before, but the police and South Korean government said they could not yet ascertain the cause of the outages.

The biggest hacking effort attributed to Pyongyang was a 10-day denial of service attack in 2011 that antivirus firm McAfee, part of Intel Corp, dubbed “Ten Days of Rain”. It said that attack was a bid to test the South’s computer defences in the event of a real conflict.

South Korean authorities said Woori Bank, another major local lender, was also attacked on Wednesday but was not infected.

North Korea last week complained that its own websites had been hacked, blaming the US for staging cyber attacks aimed at “sabotages” against the country.