A Chinese Internet address was the source of the cyberattacks that hit South Korean banks and broadcasters Wednesday, wiping the memories of as many as 32,000 computers and shutting down ATMs and online banking, authorities in Seoul said Thursday.
“Unidentified hackers used a Chinese [Internet protocol] address to contact servers of the six affected organizations and plant the malware which attacked their computers,” Park Jae-moon, director of network policy at Korea Communications Commission, South Korea’s telecommunications regulator, said in a statement.
Mr. Park stressed that tracking down the IP source to China did not explain who was behind the attack, which might have been routed through the Chinese address from elsewhere.
South Korean investigators said they have no proof that North Korea was behind the attack.
Wednesday’s cyberattacks, the largest against South Korea in at least two years, came amid rising tensions on the Korean Peninsula and just days after North Korea accused the United States and its South Korean allies of knocking several of Pyongyang’s websites offline last week.
North Korean leaders have ratcheted up their bellicose rhetoric recently. On March 11, Pyongyang said it had scrapped the cease-fire that halted fighting in the Korean War in 1953, though the two sides technically remain in a state of hostilities. However, the U.N. said that neither side can unilaterally end the truce.
SEE ALSO: Cyberattack hits South Korea’s banks, media
Pyongyang was blamed for cyberattacks in 2009 and 2011 that also had targeted South Korean financial institutions and government agencies.
In 2011, computer security software maker McAfee Inc. said North Korea or its sympathizers likely were responsible for a cyberattack against South Korean government and banking websites that year.
The analysis also said North Korea appeared to be linked to a massive computer-based attack in 2009 that brought down U.S. government Internet sites. Pyongyang denied any involvement.
On Thursday, South Korea’s Yonhap news agency quoted unnamed government officials as saying North Korea was also behind Wednesday’s attack.
While authorities in Seoul have been investigating the attacks, the three broadcasters and three banks hit said they managed to get their networks and services back online by early Thursday, Yonhap reported.
“We successfully recovered our mainstay network related to programming and advertising this morning, and normalized our service,” an official of the public broadcaster KBS told the news agency. “But we are still working to recover around 5,000 personal computers that came under the attack, and our Web site is still inaccessible.”
The two other broadcasters and the financial companies also said they had recovered their networks, while more work will be required to restore their hundreds of personal computers, Yonhap reported.
⦁ This article is based in part on wire service reports.
• Shaun Waterman can be reached at swaterman@washingtontimes.com.
Please read our comment policy before commenting.