Categories: Cyber warfare

S. Korea under cyber attack, is it N.Korea counteroffensive?

As expected happened, just yesterday I wrote about a large scale cyber attack against North Korea that blocked internet activities of the country bringing down almost all of all websites, today South Korean authorities are facing with a hacking attack against an Internet provider that brought down the servers of three broadcasters and two major banks.

Let’s step back, the attack that hit North Korea blocked popular propaganda web site such as the Rodong Sinmun and the Korean Central News Agency (KCNA).

“Internet servers operated by our republic have come under daily cyber attack(s) which are persistent and intensive”, The KCNA reported.

The agency accused United States and South Korea for the attack, due possible reprisals by the government of Pyongyang South Korea raised the level of alert Infocon that reflects the current likelihood of an imminent cyber attack, the Infocon level passed from five to four due the tension in Korean area, a level defined by South Korea’s defense minister as a “general threat.

It’s been a few days and a cyberattack hit South Korea, everything suggests a counter-offensive of North Korea, the network provided by LG UPlus Corp has been hacked by a group calling itself the “Whois Team”, unknown to date, the announced further operations.

The offensives have hit also media and banking of the South Korea, television networks YTN, MBC and KBS and Shinhan Bank and NongHyup Bank, two major banks of the country, were attacked.

“We sent down teams to all affected sites. We are now assessing the situation. This incident is pretty massive and will take a few days to collect evidence,” a representative of law enforcement.

Government representative confirmed a malware based attack to South Korean news agency Yohap that infected computer networks.

“Military tensions in the area is escalated dramatically after the North conducted its third nuclear test last month that has caused the immediate condemnation of the international community, Pyongyang responded to the subsequent UN sanctions menacing the use of nuclear weapons. Western intelligence agencies known the attention given by Korean cyber militias to governments considered hostile. There are countless cyber operations of cyber espionage and more generally of cyber warfare against the West and the historical opponents such as South Korea.”

Fortunately according South Korea’s military none of critical infrastructures of the country was affected, neither government networks, but concern is high.  Until now, the government of  Seoul has not speculated about the event, the situation is very complex and cyber attacks observed on this day may have been triggered by independent groups of hackers or by other states interested in exacerbating tensions in the area.

The Korea Internet Security Agency reported  40,000 cases of cyber attacks in 2012, up from 24,000 in 2008, and according cyber security community North Korea in the past already hit the neighbors with powerful cyber-attacks targeting banks, newspapers and government institutions during ten long days in 2011 dubbed by firm McAfee “Ten Days of Rain”.

South Korea has stepped up its information surveillance status following a cyber-attack , but the enemis appear aggressive.

Let’s wait more information from investigation …

Pierluigi Paganini

(Security Affairs – Cyber warfare)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Two flaws in vBulletin forum software are under attack

Experts found two vulnerabilities in the vBulletin forum software, one of which is already being…

9 hours ago

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 47

Security Affairs Malware newsletter includes a collection of the best articles and research on malware…

11 hours ago

Security Affairs newsletter Round 526 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best…

14 hours ago

Two Linux flaws can lead to the disclosure of sensitive data

Qualys warns of two information disclosure flaws in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise…

1 day ago

Meta stopped covert operations from Iran, China, and Romania spreading propaganda

Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread…

2 days ago

US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator

The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major…

3 days ago