Skip to main content

Hacking attack on South Korea traced to Chinese address, officials say

By K.J. Kwon, Jethro Mullen and Michael Pearson, CNN
March 21, 2013 -- Updated 0928 GMT (1728 HKT)
STORY HIGHLIGHTS
  • NEW: China says hackers often use IP addresses from other countries
  • North Korea has staged similar attacks in the past, expert says
  • Previous attacks linked to the North have been traced to Chinese addresses
  • Banks, broadcasters targeted; government networks unaffected, Yonhap reports

Seoul, South Korea (CNN) -- The suspected cyberattack targeting South Korean banks and broadcasters originated from an IP address in China, South Korean regulators said Thursday, heightening suspicions of North Korean involvement.

The attack Wednesday damaged 32,000 computers and servers at media and financial companies, South Korea's Communications Commission said.

It infected banks' and broadcasters' computer networks with a malicious program, or malware, that slowed or shut down systems, officials and the semiofficial Yonhap News Agency said.

Suspicion immediately fell on North Korea, which has recently renewed threats to go to war with the South amid rising tensions over Pyongyang's nuclear weapons, and missile testing and international efforts to stop them.

Some past cyberattacks on South Korean organizations that officials linked to North Korea were traced to IP addresses in China. An IP address is the number that identifies a network or device on the Internet.

Experiencing a potential cyberattack
Cybersecurity concerns for China, U.S.

China, which has been accused by U.S. organizations of supporting cyberattacks, said Thursday that it was aware of reports on the matter.

"We have pointed out many times that hacking is a global issue. It is anonymous and transnational," said Hong Lei, a Chinese foreign ministry spokesman. "Hackers would often use IP addresses from other countries to launch cyberattacks."

South Korean officials are still analyzing the cause of the network crashes and are working to prevent any further damage, the country's communications commission said.

Increased alert level

The military has stepped up its cyberdefense efforts in response to the widespread outages, which hit nine companies, Yonhap reported, citing the National Police Agency.

Government computer networks did not seem to be affected, Yonhap cited the National Computing and Information Agency as saying.

A joint team from government, the military and private industry was responding.

A South Korean official close to the investigation told CNN that malicious computer code spread through hacking caused the outages.

How the hackers got in and spread the code remains under investigation, and analysts are examining the malware, the official said.

U.S. flies B-52s over South Korea

Previous attacks linked to North

South Korean officials have not said who they suspect unleashed the malicious code, but experts believe it is consistent with what North Korea has done in the past.

"It's happened before in similar circumstances where there have been tensions on the peninsula," said Adam Segal, a cybersecurity expert with the Council on Foreign Relations.

There didn't appear to be any mention of the computer crash in North Korean state media.

South Korea has accused the North of similar hacking attacks before, including incidents in 2010 and 2012 that also targeted banks and media organizations. The North rejected the allegations.

The outages come amid heightened tensions on the Korean Peninsula, with the North angrily responding to a recent U.N. Security Council vote to impose tougher sanctions on Pyongyang after the country's latest nuclear test last month.

Last week, North Korea invalidated its 60-year-old armistice with the South. It has threatened to attack its neighbor with nuclear weapons and has also threatened the United States.

The armistice agreement, signed in 1953, ended the three-year war between North and South but left the two nations technically in a state of war.

The United States has deployed B-52 bombers to conduct high-profile flyovers of its South Korean ally and announced that it will deploy new ground-based missile interceptors on its West Coast against the remote possibility that North Korea could strike the United States with long-range weapons.

Under threat, South Koreans mull nuclear weapons

Accusations against U.S., South Korea

Last week, North Korea complained that it was the victim of "intensive and persistent virus attacks" from the United States and South Korea, according to KCNA, the official North Korean news agency.

Yonhap said Wednesday's outages affected three broadcasters, four banks and two insurance companies.

The three broadcasters -- KBS, MBC and YTN -- reported varying levels of trouble containing the virus. While the networks remained on the air, cable network YTN said editing equipment had been affected and it expected to experience broadcasting problems, Yonhap reported.

Computer networks stopped working entirely at three banks -- Shinhan, Nonghyup and Jeju -- around 2 p.m. Wednesday, Yonhap reported, citing the National Police Agency. Another financial institution, Woori Bank in Seoul, reported it was able to fend off a hacking attack about the same time.

The banks that were affected reported problems with a variety of systems, including Internet banking, ATMs and telecommunication services, and some branches stayed open late because of the slowdown, Yonhap said.

CNN's K.J. Kwon reported from Seoul, Jethro Mullen from Hong Kong and Michael Pearson from Atlanta. Judy Kwon in Hong Kong and Dayu Zhang in Beijing contributed to this report.

ADVERTISEMENT
Part of complete coverage on
April 16, 2014 -- Updated 1142 GMT (1942 HKT)
It was supposed to be a class trip to a resort island. Instead, the ferry capsized, turning the afternoon into a deadly nightmare.
April 15, 2014 -- Updated 2212 GMT (0612 HKT)
From giant zippers to buttock-shaped balloons, Jun Kitagawa's public art is whimsical, erotic and playful.
April 16, 2014 -- Updated 1258 GMT (2058 HKT)
Ukraine says it's forces have regained control of an airfield from Russian separatists. Nick Paton Walsh reports.
April 15, 2014 -- Updated 1702 GMT (0102 HKT)
Katrina Karkazis
Romance is hard, for anyone. For people with intersex traits, love poses unique challenges.
April 15, 2014 -- Updated 1851 GMT (0251 HKT)
Sky gazers caught a glimpse of the "blood moon" crossing the Earth's shadow Tuesday in all its splendor.
April 16, 2014 -- Updated 1135 GMT (1935 HKT)
An "extraordinary" video shows what looks like the largest and most dangerous gathering of al Qaeda in years.
April 15, 2014 -- Updated 1624 GMT (0024 HKT)
Oscar Pistorius didn't consciously pull the trigger the night he shot and killed his girlfriend, the sprinter testified at his murder trial.
April 14, 2014 -- Updated 2116 GMT (0516 HKT)
Officials are launching their next option: an underwater vehicle to scan the ocean floor.
April 15, 2014 -- Updated 1254 GMT (2054 HKT)
A mysterious new artwork has appeared in Cheltenham, where Britain's version of the NSA is located.
April 15, 2014 -- Updated 1523 GMT (2323 HKT)
Like many parents across Liverpool, the McManamans waited. 25 years ago, it was all they could do.
April 15, 2014 -- Updated 1324 GMT (2124 HKT)
The Maltese Falcon makes a swift turn while at sea.
How do you design a superyacht fit for the billionaire who has everything money can buy?
April 15, 2014 -- Updated 1548 GMT (2348 HKT)
Pop art condoms in Kenya
Packaging can change how people see things. And when it comes to sex, it could maybe help save lives too.
April 15, 2014 -- Updated 1542 GMT (2342 HKT)
mediterranean monk seal
Africa is home to much unique wildlife, but many of its iconic species are threatened.
April 15, 2014 -- Updated 1509 GMT (2309 HKT)
A staff stands next to the propellers of Sun-powered plane Solar Impulse 2 HB-SIB seen in silhouette during its first exit for test on April 14, 2014 in Payerne, a year ahead of their planned round-the-world flight. Solar Impulse 2 is the successor of the original plane of the same name, which last year completed a trip across the United States without using a drop of fuel. AFP PHOTO / FABRICE COFFRINI (Photo credit should read FABRICE COFFRINI/AFP/Getty Images)
This solar-powered aircraft will attempt to circle the globe next year.
April 14, 2014 -- Updated 1156 GMT (1956 HKT)
Most adults make the mistakes of hitting the snooze button and of checking emails first thing in the morning, writes Mel Robbins.
April 16, 2014 -- Updated 0043 GMT (0843 HKT)
Ebola victims usually come from remote areas -- but now the lethal virus is in a city of two million.
April 16, 2014 -- Updated 1336 GMT (2136 HKT)
Browse through images you don't always see on news reports from CNN teams around the world.
ADVERTISEMENT