Investigators trace cyberattack in South Korea to Chinese IP address
INVESTIGATORS have traced a coordinated cyberattack that paralyzed tens of thousands of computers at six South Korean banks and media companies to a Chinese IP address, but it is still unclear who orchestrated the attack, authorities in Seoul said yesterday.
The discovery did not erase suspicions North Korea was to blame. An IP address can provide an important clue to the location of an Internet-connected computer but can easily be manipulated by hackers operating anywhere in the world. The investigation into Wednesday's attack could take weeks.
By yesterday, only one of the six targets, Shinhan Bank, was back online and operating normally. It could be next week before the other companies have fully recovered.
The initial findings from South Korean investigators were based on results from an investigation into one target, Nonghyup Bank.
Malicious code that spread through the Nonghyup server was traced to an IP address in China, said Cho Kyeong-sik, a spokesman for the state-run Korea Communications Commission. Regulators said all six attacks appeared to come from "a single organization."
The Chinese IP address identified by the South Korean communications regulator belongs to an Internet services company, Beijing Teletron Telecom Engineering Co, according to the website tracking and verification service Whois.
A woman who answered the phone number listed on Beijing Teletron's website denied the company was involved. She refused to identify herself or provide further information.
Beijing Teletron operates fiber-optic networks and provides Internet services. It is the seventh-largest host of IP addresses in China. A subsidiary of the Shanghai-listed Dr Peng Telecom and Media Group, Beijing Teletron's clients include government agencies and state media - the Ministry of Foreign Affairs, the State Council Information Office and the People's Daily, the Communist Party's flagship newspaper.
North Korea has threatened Seoul and Washington in recent days over UN sanctions imposed for a February nuclear test, and over ongoing US-South Korean military drills. It also threatened revenge after blaming Seoul and Washington for an Internet shutdown last week.
North Korea "will never remain a passive onlooker to the enemies' cyberattacks," state media said last week. "The US and its allies should be held wholly accountable for the ensuing consequences."
Wednesday's cyberattack did not affect South Korea's government, military or infrastructure, and there were no initial reports that bank records had been compromised. But it disabled scores of cash machines, disrupting commerce in the Internet-dependent country.
The attack disabled some 32,000 computers at broadcasters YTN, MBC and KBS, as well as three banks. Many of the computers were still down yesterday, but programs were unaffected, and all ATMs were back online except for those at 16 Nonghyup Bank branches.
If the attack was carried out by North Korea, it may be a warning that Pyongyang is capable of breaching South Korea's computer networks with relative ease.
South Korean investigators say they have no proof North Korea was behind the attack. However, the outage took place as Pyongyang warned Seoul against holding joint military drills with the US that it considers rehearsals for an invasion.
Copyright © 1999- Shanghai Daily. All rights reserved.