S. Korea under cyber attack, is it N.Korea counteroffensive?

As expected happened, just yesterday I wrote about a large scale cyber attack against North Korea that blocked internet activities of the country bringing down almost all of all websites, today South Korean authorities are facing with a hacking attack against an Internet provider that brought down the servers of three broadcasters and two major banks.

Let’s step back, the attack that hit North Korea blocked popular propaganda web site such as the Rodong Sinmun and the Korean Central News Agency (KCNA).

“Internet servers operated by our republic have come under daily cyber attack(s) which are persistent and intensive”, The KCNA reported.

The agency accused United States and South Korea for the attack, due possible reprisals by the government of Pyongyang South Korea raised the level of alert Infocon that reflects the current likelihood of an imminent cyber attack, the Infocon level passed from five to four due the tension in Korean area, a level defined by South Korea’s defense minister as a “general threat.

It’s been a few days and a cyberattack hit South Korea, everything suggests a counter-offensive of North Korea, the network provided by LG UPlus Corp has been hacked by a group calling itself the “Whois Team”, unknown to date, the announced further operations.

The offensives have hit also media and banking of the South Korea, television networks YTN, MBC and KBS and Shinhan Bank and NongHyup Bank, two major banks of the country, were attacked.

“We sent down teams to all affected sites. We are now assessing the situation. This incident is pretty massive and will take a few days to collect evidence,” a representative of law enforcement.

Government representative confirmed a malware based attack to South Korean news agency Yohap that infected computer networks.

“Military tensions in the area is escalated dramatically after the North conducted its third nuclear test last month that has caused the immediate condemnation of the international community, Pyongyang responded to the subsequent UN sanctions menacing the use of nuclear weapons. Western intelligence agencies known the attention given by Korean cyber militias to governments considered hostile. There are countless cyber operations of cyber espionage and more generally of cyber warfare against the West and the historical opponents such as South Korea.”

Fortunately according South Korea’s military none of critical infrastructures of the country was affected, neither government networks, but concern is high.  Until now, the government of  Seoul has not speculated about the event, the situation is very complex and cyber attacks observed on this day may have been triggered by independent groups of hackers or by other states interested in exacerbating tensions in the area.

The Korea Internet Security Agency reported  40,000 cases of cyber attacks in 2012, up from 24,000 in 2008, and according cyber security community North Korea in the past already hit the neighbors with powerful cyber-attacks targeting banks, newspapers and government institutions during ten long days in 2011 dubbed by firm McAfee “Ten Days of Rain”.

South Korea has stepped up its information surveillance status following a cyber-attack , but the enemis appear aggressive.

Let’s wait more information from investigation …

Pierluigi Paganini

(Security Affairs – Cyber warfare)