South Korea blames North for bank and TV cyber-attacks

  • Published
Cyber researcher in Seoul
Image caption,
South Korean investigators say some of the malware had been used in previous attacks

South Korea has accused North Korean spies of masterminding a series of high-profile cyber-attacks last month.

Tens of thousands of computers were made to malfunction, disrupting work at banks and television broadcasters in the South.

Investigators in Seoul said they had discovered some of the code involved was identical to that used in malware previously linked to Pyongyang.

The allegation adds to growing tension on the Korean peninsula.

On Tuesday North Korea told foreigners in the South to "work out measures for evacuation" to avoid becoming involved in a "thermonuclear war".

Seoul's foreign minister subsequently said that there was a "considerably high" risk that its neighbour might fire a ballistic missile at it over the coming days.

North Korea has not commented on the cyber-attack accusation.


About 48,000 PCs and servers in the South were struck on 20 March.

The assault shut down computer networks at TV stations KBS, MBC and YTN, and halted operations at three banks - Shinhan, NongHyup and Jeju.

Investigators in Seoul reported their initial findings suggested North Korea's military-run Reconnaissance General Bureau had been responsible.

A spokesman announced that 30 out of 76 programs recovered from affected computers were the same as those used in previous strikes.

In addition he said that 22 of the 49 internet protocol (IP) addresses involved in the incidents matched those used in attacks blamed on the North over the past five years.

The recent assaults shortly followed a South Korea-US joint military exercise, but it was suggested they had been long in the planning.

Image caption,
The Korea Internet Security Agency plans to issue a final report into the attacks at a later date

"The attackers gained control of personal computers or server computers within the target organisations at least eight months ago," a government statement reported in the Korea Herald said.

"After maintaining monitoring activities [they] sent out the command to delete data stored in the server, and distributed malware to individual computers through the central server."

South Korea's Financial Services Commission added that no bank records or personal data had been compromised.

'Outdated system'

Previous cyber-intrusions blamed on Pyongyang include attempts to block access to the website of South Korea's presidential office and other government departments, and hacks of computers at Nonghyup bank and the Joonang Ilbo newspaper.

In turn, North Korea has accused both the South and the US of preventing users from being able to visit its official media sites - the Rodong Sinmun newspaper and the Korean Central News Agency - earlier this year.

It has led some commentators in the South to criticise the state of their cyber-defences bearing in mind the public there is much more reliant on the internet than citizens in the North.

"South Korea cannot cope with unpredictable and sophisticated provocations from North Korea with a bureaucratic, rigid mindset," wrote Chae In-taek in the Joonang Ilbo.

"National security cannot be assured through an outdated system. We must come up with an innovative security system fast."

Related Internet Links

The BBC is not responsible for the content of external sites.