(LEAD) Malicious code in NongHyup system came from Chinese IP: gov't

11:34 March 21, 2013

(ATTN: ADDS details throughout)
By Lee Minji

SEOUL, March 21 (Yonhap) -- Part of the malicious code that paralyzed network systems at South Korean banks and TV broadcasters came from a Chinese Internet Protocol (IP) address, Seoul's communications watchdog said Thursday.

Local TV broadcasters KBS, MBC and YTN along with Shinhan, NongHyup and Jeju banks suffered a massive network failure on Wednesday that halted financial services and crippled operations.

Following an analysis of source codes, the Korea Communications Commission (KCC) announced that the incident was caused by malicious code rather than distributed denial-of-service (DDoS) attacks.

In a briefing, the KCC said a Chinese IP address ( accessed NongHyup's update management server and generated malicious files.

The communications watchdog said it believes the six affected institutions were attacked by a single entity but did not elaborate further.

"The Chinese IP may trigger various assumptions. At the current stage, we are open to all possibilities and are doing our best to track down the hacker," said KCC official Park Jae-moon.

The KCC official's remarks come amid speculation that North Korea may have masterminded the attack as tensions heighten on the Korean Peninsula.

South Korea has accused North Korea of carrying out a series of cyber attacks on the Web sites of government agencies and financial institutions over the past few years, though the North has denied the allegations.

In June 2012, the JoongAng Ilbo, one of the country's major conservative media outlets, came under a cyber attack that crippled its server and Web site. The National Police Agency later determined that North Korea was responsible for the attack.

NongHyup's computer networks also crashed in September 2010 apparently under attack from the North, according to prosecutors and police.

Following Wednesday's network paralysis, the KCC raised the alert level on cyber attacks to "caution," the third highest level on a five-notch scale.

Under a "caution" alert, the government triples its monitoring workforce and organizes a government-wide investigation team to launch on-site inspections.

As part of efforts to prevent further damage, the government has distributed antivirus programs that can be downloaded from the Korea Internet Security Agency Web site.

The government urged computer users to restart their computers in safe mode and use the antivirus program to check whether their computers have been compromised by setting the date to before Wednesday at 2 p.m., when the attacks occurred.

South Korea plans to hold a cyber security strategy meeting when the investigations make further progress.

No damage has been detected so far at state and public institutions or infrastructure, according to the KCC.
