South Korean investigators say they were wrong when they identified a Chinese Internet address as the origin of a cyberattack that paralyzed tens of thousands of computers at six South Korean companies this week. However, they still believe the attack originated from somewhere abroad.
Seoul’s Korea Communications Commission said yesterday that an Internet Protocol (IP) address linked to Wednesday’s attack actually belonged to a computer at one of the South Korean companies that were hit.
Commission officials say the IP address was used only for the company’s internal network and was identical to a public Chinese address. Investigators say an analysis of malware and servers indicates the attack was likely orchestrated from abroad. They did not elaborate.
Meanwhile, Seoul said yesterday it is preparing for the possibility of more cyberattacks, while a new team of investigators tries to determine whether North Korea was behind the synchronized shutdown of computers at the six banks and media companies.
Many in Seoul suspect hackers loyal to Pyongyang were responsible for the attack, but South Korean officials have yet to assign blame and say they have no proof of North Korea’s involvement.
The investigation could take weeks.
South Korea has set up a team of computer security experts from the government, military and private sector to identify the hackers and is preparing to deal with more possible attacks, presidential spokesman Yoon Chang-jung told reporters yesterday.
He did not elaborate on the possibility of more attacks, but said the prime minister would later hold a meeting to discuss ways to beef up cybersecurity at institutions overseeing infrastructure, such as roads and electricity.
If the attack was in fact carried out by North Korea, it may be a warning to Seoul that Pyongyang is capable of breaching its computer networks with relative ease.
The cyberattack did not affect South Korea’s government, military or infrastructure, and there were no initial reports that customers’ bank records were compromised. However, it disabled cash machines and disrupted commerce in the tech-savvy, Internet-dependent country, renewing questions about South Korea’s Internet security and vulnerability to hackers.
All three of the banks that were hit were back online and operating regularly yesterday. It could be next week before the media companies have fully recovered.
Regulators said all six attacks appeared to come from “a single organization.”