Skip to main content
CNN

Hacking attack on South Korea traced to China, officials say

By Michael Pearson. K.J. Kwon and Jethro Mullen, CNN
March 21, 2013 -- Updated 0241 GMT (1041 HKT)
STORY HIGHLIGHTS
  • NEW: Attack traced to IP address in China, officials say
  • North Korea has staged similar attacks in the past, expert says
  • Banks, broadcasters targeted; government networks unaffected, Yonhap reports
  • South Korean military steps up its cyberdefense efforts in response

Seoul, South Korea (CNN) -- The suspected cyberattack that appeared to target South Korean banks and broadcasters Wednesday originated from an IP address in China, South Korea's Communications Committee said in a statement Thursday.

The attack damaged 32,000 computers and servers of media and financial companies, the committee said.

South Korean officials are analyzing the cause and are working to prevent any further damage, the committee said.

The attack infected banks' and broadcasters' computer networks with a malicious program that slowed or shut systems down, officials and the semiofficial Yonhap News Agency said.

Suspicion immediately fell on North Korea, which has recently renewed threats to go to war with the South amid rising tensions over Pyongyang's nuclear weapons and missile testing and international efforts to stop them.

South Korea's military stepped up its cyberdefense efforts in response to the widespread outages, which hit nine companies, Yonhap reported, citing the National Police Agency.

Government computer networks did not seem to be affected, Yonhap cited the National Computing and Information Agency as saying.

Experiencing a potential cyberattack
Cybersecurity concerns for China, U.S.

A joint team from government, the military and private industry was responding, a presidential spokeswoman said, according to Yonhap.

A South Korean official close to the investigation told CNN that malicious computer code spread through hacking caused the outages.

How the hackers got in and spread the code remains under investigation, and analysts are examining the malware, the official said.

U.S. flies B-52s over South Korea

Wednesday's attack is consistent with what North Korea has done in the past, said Adam Segal, a cybersecurity expert with the Council on Foreign Relations.

"It's happened before in similar circumstances where there have been tensions on the peninsula," Segal said.

South Korea has accused the North of similar hacking attacks before, including incidents in 2010 and 2012 that also targeted banks and media organizations.

The outages come amid heightened tensions on the Korean Peninsula, with the North angrily responding to a recent U.N. Security Council vote to impose tougher sanctions on Pyongyang after the country's latest nuclear test last month.

Last week, North Korea invalidated its 60-year-old armistice with the South. It has threatened to attack its neighbor with nuclear weapons and has also threatened the United States.

The armistice agreement, signed in 1953, ended the three-year war between North and South but left the two nations technically in a state of war.

The saber-rattling prompted the United States to deploy B-52 bombers to conduct high-profile flyovers of its South Korean ally and announce that it would deploy new ground-based missile interceptors on its West Coast against the remote possibility that North Korea could strike the United States with long-range weapons.

Under threat, South Koreans mull nuclear weapons

Last week, North Korea complained that it was the victim of "intensive and persistent virus attacks" from the United States and South Korea, according to KCNA, the official North Korean news agency.

Yonhap said Wednesday's outages affected three broadcasters, four banks and two insurance companies.

The three broadcasters -- KBS, MBC and YTN -- reported varying levels of trouble containing the virus. While the networks remained on the air, cable network YTN said editing equipment had been affected and it expected to experience broadcasting problems, Yonhap reported.

Computer networks stopped working entirely at three banks -- Shinhan, Nonghyup and Jeju -- around 2 p.m. Wednesday, Yonhap reported, citing the National Police Agency. Another financial institution, Woori Bank in Seoul, reported it was able to fend off a hacking attack about the same time.

The banks that were affected reported problems with a variety of systems, including Internet banking, ATMs and telecommunication services, and some branches stayed open late because of the slowdown, Yonhap said.

CNN's K.J. Kwon reported from Seoul, Jethro Mullen reported from Hong Kong and Michael Pearson wrote from Atlanta. Judy Kwon and Hilary Whiteman in Hong Kong contributed to this report.

ADVERTISEMENT
Part of complete coverage on
CNN Recommends
June 19, 2013 -- Updated 0804 GMT (1604 HKT)
50 years after JFK's "Ich bin ein Berliner" speech, one expert says Barack Obama visits Berlin at a desperately crucial time.
June 19, 2013 -- Updated 1231 GMT (2031 HKT)
In a country caricatured for its deification of soccer, the World Cup, Confederations Cup and FIFA have become symbols of corruption and waste.
June 19, 2013 -- Updated 0059 GMT (0859 HKT)
A man who silently stood in Taksim Square and stared at a portrait of the founder of the modern Turkish state, drew hundreds to his vigil.
June 19, 2013 -- Updated 1211 GMT (2011 HKT)
In a file picture taken on January 30, 2012, Taliban fighters stand with their weapons as they hold the Muslim holy book Koran after they joined Afghan government forces during a ceremony in Herat province. The medieval Taliban who ran Afghanistan with the Koran in one hand and a gun in the other now tweet and talk peace, but they remain a potent threat as a NATO withdrawal looms.
As Afghan forces formally take over security of the country, what is likely to be on the table when the U.S. and the Taliban meet for talks?
June 19, 2013 -- Updated 0854 GMT (1654 HKT)
North Korea's recent belligerence has many in China, its lone ally, saying enough is enough. But would Beijing really cut Kim Jong Un off?
June 19, 2013 -- Updated 1047 GMT (1847 HKT)
Whether you've a vague fear of Big Brother or a desire to keep your bank information private, there are ways of securing your data.
Among the intriguing pieces of history in Chinese coastal province Fujian are the tulou: large, round, rammed-earth buildings dating back centuries.
June 18, 2013 -- Updated 1539 GMT (2339 HKT)
NYU did a great favor not only for the Chinese dissident but also for both the U.S. and Chinese governments, writes James Millward.
June 18, 2013 -- Updated 0314 GMT (1114 HKT)
Former NSA contractor Edward Snowden is laying low, but that's becoming increasingly difficult. CNN's Ian Lee reports.
June 19, 2013 -- Updated 1111 GMT (1911 HKT)
Esspresso being made at the Everyman Expresso coffee house July 31, 2012 in the Soho section of New York.
Tired of seeing developed nations take the lion's share of profits from his country's coffee crop, this businessman decided on a new plan.
June 19, 2013 -- Updated 1322 GMT (2122 HKT)
There's a new menace lurking in the streets of London -- exploding sidewalks, which have injured at least 5 people.
June 13, 2013 -- Updated 1040 GMT (1840 HKT)
Scenes of violent clashes between protesters and police may make visitors to Istanbul think twice. Is it time to cancel your trip?
June 19, 2013 -- Updated 0936 GMT (1736 HKT)
An A330-200 Airbus plane of Emirates airline at the Harare International Airport on February 1, 2012.
Who has been voted the world's best airline by passengers at the annual Skytrax World Airline Awards?

Most Popular

Today's five most popular stories

Feds, again, leave empty-handed in Hoffa hunt

Filmmaker asserts new evidence on crash of TWA Flight 800

Sky trains, super bridges: 8 of the world's most spectacular infrastructure projects

Has U.S. started an Internet war?

Exploding sidewalks menace London pedestrians

More
ADVERTISEMENT