Skip to main content

South Korea cyber attack originated from Chinese IP address, officials say

The inquest has begun in South Korea after a number of the country’s banks and television stations were struck by a cyber attack yesterday, and officials now claim the hack originated from an IP address in China.

Korean authorities were on red alert on Wednesday as the attack put online banking services and ATM machines out of action, while TV networks struggled through broadcasts as staff computers were completely shut down.

A distributed denial of service (DDoS) attack was initially thought to be responsible, but the nature of hack soon pointed to an injection of malware.

Twenty four hours into the subsequent investigation, Park Jae-moon of Korea's Communications Commission (KCC) told the BBC the source of the attack had been identified.

"Unidentified hackers used a Chinese IP address to contact servers of the six affected organisations and plant the malware which attacked their computers," he said.

"At this stage, we're still making our best efforts to trace the origin of attacks, keeping all kinds of possibilities open," he said.

Security researchers have been predicting a cyber assault from neighbours North Korea, and the country’s history of using Chinese addresses in hacking episodes will increase suspicions Pyongyang was behind yesterday’s chaos. But South Korean officials have refused to single out a perpetrator yet, commenting that IP addresses cannot confirm who was behind the attack.

As police investigations and analysis of the virus continue, South Korea remains on guard, after the KCC raised its cyber attack alert levels to ‘caution,’ the third highest of five levels, reports the Yonhap news agency.