South Korea hit with cyber attacks on major banks, media outlets … again; North Korea blamed … again

UPDATE (10 April): The South made its preliminary case today that a North Korean espionage agency was behind the 20 March cyber attacks. According to the South’s report, the North began preparing for the attack last June, with systems testing beginning in late February. Of the 76 types of malicious code used in the attack, 30 were similar to previous attacks by the North, and 22 of 49 IP addresses overlapped with previous addresses used during cyber attacks traced to the North since 2009.

Graph courtesy Yonhap News

UPDATE (22 March): The South’s communications commission issued an update today declaring the cyber attack started from an IP address at a domestic bank (Nonghyup), not a Chinese address, as it reported yesterday. That means, aside from an irritated China and embarrassed Korean bureaucrats, that the attack erupted from a domestic source. How the code was placed on that server, by whom, and how it spread is still under investigation – an investigation likely to be much more circumspect in placing blame during future announcements.

On another note, perhaps the biggest news from the peninsula this week, submerged under the flood of reporting on the cyber attack, was a report that China’s oil exports to North Korea fell to zero in February. Perhaps a sign that the Chinese are getting fed up with the North’s missile and nuke testing – China normally sends 30-50,000 tons of oil to the North per month, an official figure that hasn’t gone to zero since 2007. If this continues through March, we may see a sudden change in the North’s tone, at least long enough for the Chinese to restart the spigots. Frankly, China shutting down its supply of oil to the North for two straight months would surprise me more than a semi-crazy member of the Bad Boys getting invited to Pyongyang to drink with the head Kim, but hey, stranger things have happened.

And a cyber response to UN sanctions it is – North Korea apparently launched a coordinated cyber attack yesterday afternoon on South Korea, “paralyzing” 30,000 computers at major media outlets and banks. The tactics used in the attack, while reportedly old, are a step beyond previous attacks that simply used DDoS methods to overload the servers at the targeted institutions. As before, the North routed the attack through servers in China, though China was more likely the conduit than the culprit.


When it comes to cyber expertise and hacker attacks, North Korea doesn’t spring to mind for most people, but this marks the latest in a series of cyber attacks the North has launched against the South. The reasons why, and why it will not be the last, have been discussed here previously and include the comparative cheapness of cyber (a computer costs a lot less than a copter), the difficulty in determining attribution, and the North’s lack of vulnerability to similar attacks. While some may not like or trust the sources, click here for an excellent overall summary of why North Korea has turned to the cyber realm, from a former North Korean hacker instructor.
