Navy launches new frigate Chungbuk

Seoul blames Pyongyang for cyber attacks

Investigators find N.K. agency masterminded March 20-26 onslaught

kh close

 

Published : 2013-04-10 15:07
Updated : 2013-04-10 22:23

North Korea’s top military agency was behind the series of cyber attacks against South Korean broadcasters and financial institutions that took place March 20-26, the Seoul government announced Wednesday.

The Ministry of Science, ICT and Future Planning said its initial investigation found that the attacks were masterminded by the Reconnaissance General Bureau, Pyongyang’s premier intelligence body that is reported to be overseeing the operations of a special elite unit consisting of thousands of cyber warfare experts.

The Cyber Terror Response Center at the Korean National Police Agency (Yonhap News)
Citing a large number of similarities between the March attacks and previous incidents carried out by North Korea, the joint response team said that Pyongyang was the most likely mastermind behind the incident.

The team, consisting of government, military and civilian organizations, also said that those responsible appeared to have implanted the codes used in the attack as many as eight months ago.

“The attacker gained control of personal computers or server computers within the target organizations at least eight months ago,” the ministry said. The ministry also announced that the government would hold a cyber security conference on Thursday as part of efforts to establish tougher cyber defenses against future attacks.

“After maintaining monitoring activities, (the attackers) sent out the command to delete data stored in the server, and distributed malware to individual computers through the central server.”

On March 20, the websites and internal networks of broadcasters KBS, MBC and YTN, and three financial institutions including Shinhan Bank and Nonghyup, experienced malfunctions due to malware that originated from overseas.

Less than a week later, attacks were carried out against organizations concerning North Korea and those operated by conservative groups, resulting in their data being deleted.

The investigation has shown that more than 30 of the 76 different types of code collected from equipment affected or involved in the last month’s attack were identical to those used in previous attacks.

In addition, 22 of the 49 internet protocol addresses involved in the attack were the same as those used in cyber attacks carried out by North Korea since 2009, the Science Ministry said.

The investigators also said that at least six computers located within North Korea accessed the financial institutions’ computer systems on 1,590 occasions since June 28, 2012.

Over the period, the North Korean hackers spread malware and extracted information stored in the affected computers.

By Choi He-suk  (cheesuk@heraldcorp.com)

Photo News

티아라 효민 멋진 뒤태에 남심 흔들

섹시백 선발대회 몸매 뽐내는 참가자들

카자흐 女배구선수 초특급 미모, 전세계 ‘깜짝’