from apperspective.net: South Korean broadcasters and banks were hit with a cyber
attack at 2 PM local time on Wednesday, temporarily taking down
computers inside companies like Shinhan Bank, Nonghyup Bank, Munhwa
Broadcasting Corp., Yonhap Television News and Korea Broadcasting
According to media reports, computers inside those companies failed
to boot up following the attack, instead bringing up an image of three
skulls with the message “hacked by Whois Team.”
late Tuesday night (South Korean time) that the attacker likely
penetrated the companies’ networks through their internet service
providers. One of the ISPs, LG Uplus, has said it believes its networks
were hacked just prior to the attacks on the country.
The malware—which is already being called DarkSeoul—reportedly damaged nearly 32,000 servers across the country.
In an initial assessment of the malware,
Sophos, a computer security firm, identified it as Mal/EncPk-ACE and
described the malware as “not particularly sophisticated.” In fact, the
company said its products have been able to detect the virus for over a
year, and that the attackers had not tried to obfuscate “the various
commands in the malicious.”
That said, tracing the origin of the attack is likely to prove
difficult. Just hours ago South Korean officials announced that the
malware was traced to an IP address in China, with South Korean
communication regulator, Park Jae-moon, telling reporters that:
“Unidentified hackers used a Chinese IP address to contact servers of
the six affected organizations and plant the malware which attacked
Park quickly added that this fact revealed little about the location
and identity of the attacker, who could be routing the attack through IP
addresses in other countries. “At this stage, we're still making our
best efforts to trace the origin of attacks, keeping all kinds of
possibilities open,” Park said.
North Korea almost certainly tops the list of those possibilities.
Pyongyang is believed to be behind at least two prior large cyber
attacks on South Korea in 2009 and 2011.
Scott Snyder of the Council on Foreign Relations told The Diplomat
in an email that, although authorities don’t know who was behind the
attacks yet, Pyongyang’s successful asymmetric provocations usually have
three characteristics: an element of surprise, ambiguity in
attribution, and difficulty in responding proportionately in a
manner that doesn’t escalate hostilities further.
Speaking of Tuesday’s cyber-attacks, Snyder added, “This sort of
attack would fulfill those characteristics; what remains is the question
of whether there is proof that North Korea was behind it.”