Did South Korea cyber attacks originate in China? New evidence says no

Investigations into Wednesday’s cyber attacks on South Korea have taken a fresh twist, with the country’s telecom regulator now claiming the IP address behind the hack may not have been located in China, as was initially thought.

The Korea Communications Commission (KCC) yesterday declared, "Unidentified hackers used a Chinese IP address to contact servers of the six affected organisations and plant the malware which attacked their computers," referring to the banks and television networks struck by the malicious code.

But Reuters has today reported that the KCC is back-tracking on its statement, after further evidence collected at the Nong-Hyup bank – one of Wednesday’s victims – showed the IP in question was a virtual IP address used within the bank for internal purposes.

By coincidence, this matched another IP address registered in China which prompted the original assertion. The KCC says there are still signs the malicious code came from a foreign nation and that a single entity was likely responsible for all of the six attacks.

Around 32,000 computers were hit by the assault, according to the state-run Korea Internet Security Agency, as banking services were put out of action and television staff struggled at workstations shutting down and refusing to reboot.

The agency believes it will take up to five days before all functions are fully restored.